Security Considerations

The following modules have specific security considerations:

• base64: base64 security considerations in RFC 4648

• cgi: CGI security considerations

• hashlib: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms

• http.server is not suitable for production use, only implementing basic security checks. See the security considerations.

• logging: Logging configuration uses eval()

• multiprocessing: Connection.recv() uses pickle

• pickle: Restricting globals in pickle

• random shouldn’t be used for security purposes, use secrets instead

• shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources

• ssl: SSL/TLS security considerations

• subprocess: Subprocess security considerations

• tempfile: mktemp is deprecated due to vulnerability to race conditions

• xml: XML vulnerabilities

• zipfile: maliciously prepared .zip files can cause disk volume exhaustion

The -I command line option can be used to run python in isolated mode. When it cannot be used, the -P option or the PYTHONSAFEPATH environment variable can be used to not prepend a potentially unsafe path to sys.path such as the current directory, the script’s directory or an empty string.

新闻名称：创新互联Python教程：SecurityConsiderations
本文地址：http://www.shufengxianlan.com/qtweb/news38/448788.html

网站建设、网络推广公司-创新互联，是专注品牌与效果的网站制作，网络营销seo公司；服务项目有等

广告

声明：本网站发布的内容（图片、视频和文字）以用户投稿、用户转载内容为主，如果涉及侵权请尽快告知，我们将会在第一时间删除。文章观点不代表本网站立场，如需处理请联系客服。电话：028-86922220；邮箱：631063699@qq.com。内容未经允许不得转载，或转载时需注明来源： 创新互联