Add discussion of security issues.
parent
59008e8009
commit
d2a8910fd3
11
pep-0383.txt
|
@ -104,6 +104,17 @@ will produce non-sensical data.
|
||||||
Data obtained from other sources may conflict with data produced
|
Data obtained from other sources may conflict with data produced
|
||||||
by this PEP. Dealing with such conflicts is out of scope of the PEP.
|
by this PEP. Dealing with such conflicts is out of scope of the PEP.
|
||||||
|
|
||||||
|
This PEP allows to "smuggle" bytes in character strings. This would
|
||||||
|
be a security risk if the bytes are security-critical when interpreted
|
||||||
|
as characters on a target system, such as path name separators. For
|
||||||
|
this reason, the PEP rejects smuggling bytes below 128. If the target
|
||||||
|
system uses EBCDIC, such smuggled bytes may still a security risk,
|
||||||
|
allowing to smuggle, e.g. square brackets or the backslash. Python
|
||||||
|
currently does not support EBCDIC, so this should not be a problem in
|
||||||
|
practice. Anybody porting Python to an EBCDIC system might want to
|
||||||
|
adjust the error handlers, or come up with other approaches to address
|
||||||
|
the security risks.
|
||||||
|
|
||||||
Encodings that are not compatible with ASCII are not supported by
|
Encodings that are not compatible with ASCII are not supported by
|
||||||
this specification; bytes in the ASCII range that fail to decode
|
this specification; bytes in the ASCII range that fail to decode
|
||||||
will cause an exception. It is widely agreed that such encodings
|
will cause an exception. It is widely agreed that such encodings
|
||||||
|
|
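Review bot: the added sentence "such smuggled bytes may still a security risk" is missing its verb and should read "may still be a security risk". In the same paragraph, "This PEP allows to "smuggle" bytes" and "allowing to smuggle, e.g. square brackets" lack an object for "allows"; "allows bytes to be "smuggled"" and "since square brackets or the backslash could be smuggled" would read correctly. On substance, the paragraph says "the PEP rejects smuggling bytes below 128" without saying where the specification defines that rejection. The only rule about the ASCII range visible here is the decoding rule in the following paragraph ("bytes in the ASCII range that fail to decode will cause an exception"), so a pointer to the relevant part of the specification would let a reader check that the mitigation covers both decoding and encoding. The EBCDIC caveat ends with "might want to adjust the error handlers, or come up with other approaches", which leaves the risk open for such a port; consider stating explicitly that the guarantee about path name separators holds only for ASCII-compatible target systems.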