Message6095
From: https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03
I took a quick look. Most of them are obvious debugging only
changes, but I didn't analyze all of them.
==
3. Assert statements
Don’t use assert statements to guard against pieces of code that a user
shouldn’t access. Take this simple example
    def foo(request, user):
        assert user.is_admin, "user does not have access"
        # secure code...
Now, by default Python executes with __debug__ as true, but in a
production environment it’s common to run with optimizations. This will
skip the assert statement and go straight to the secure code regardless
of whether the user is_admin or not.
Fix:
Only use assert statements to communicate with other developers, such
as in unit tests or to guard against incorrect API usage.
==
Date | User | Action | Args
2018-06-27 00:22:44 | rouilj | set | recipients: + rouilj
2018-06-27 00:22:43 | rouilj | set | messageid: <1530058963.92.0.56676864532.issue2550962@psf.upfronthosting.co.za>
2018-06-27 00:22:43 | rouilj | link | issue2550962 messages
2018-06-27 00:22:41 | rouilj | create |
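The behaviour the quoted article describes, as an added example (not code from the article, the tracker message or Roundup itself): the assert-based guard and an explicit check side by side, with a helper that reports whether the running interpreter executes asserts at all. The `User` class and the function names are hypothetical.

```python
"""Added example: an assert used as an access check disappears under
`python -O` (or PYTHONOPTIMIZE=1); an explicit conditional does not.
All names here are hypothetical, constructed for the demonstration."""
from dataclasses import dataclass


@dataclass
class User:
    name: str
    is_admin: bool = False


def asserts_enabled() -> bool:
    """True when the interpreter will execute assert statements.

    With -O the compiler drops every assert and sets __debug__ to False,
    which is exactly the condition under which the assert guard below
    is skipped."""
    return __debug__


def delete_everything_assert_guard(user: User) -> str:
    """The pattern the article warns about: under -O the assert line is
    compiled away and every caller reaches the privileged operation."""
    assert user.is_admin, "user does not have access"
    return f"{user.name} wiped the database"


def delete_everything_explicit_guard(user: User) -> str:
    """Hardened form: a real conditional plus an exception survives any
    interpreter flag."""
    if not user.is_admin:
        raise PermissionError(f"{user.name} does not have access")
    return f"{user.name} wiped the database"


def guard_blocks_non_admin(guard) -> bool:
    """True if `guard` refuses a non-admin user, False if the privileged
    code ran anyway. Lets the two guards be compared under both modes."""
    try:
        guard(User("mallory", is_admin=False))
    except (AssertionError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    print(f"asserts enabled: {asserts_enabled()}")
    print(f"assert guard blocks non-admin:   {guard_blocks_non_admin(delete_everything_assert_guard)}")
    print(f"explicit guard blocks non-admin: {guard_blocks_non_admin(delete_everything_explicit_guard)}")
```

Run it once as `python example.py` and once as `python -O example.py`: the assert guard reports True only in the first run, while the explicit guard reports True in both.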