Python security - trouble with input

The danger of Python's input function - also known as giving away your secrets to your user.

If you're writing a Python program and asking your user for input, you should always use the raw_input function and never input. Why? Because whatever is typed at an input prompt is evaluated as a Python expression, and the result of that evaluation is saved into your target variable ... so not only does input assume that your user knows Python syntax, but it also opens some great little security holes.

Look at this program.

Something = "your toes"
Secret = "I have ten of them"

value = input("Please enter your age ")
print "You are",value,
print "and you have a secret about",Something


And look how easy it is to find out all the variables that are used in the program, and their contents:

earth-wind-and-fire$ python dain
Please enter your age dir()
You are ['Secret', 'Something', '__builtins__', '__doc__', '__file__', '__name__'] and you have a secret about your toes
earth-wind-and-fire:$ python dain
Please enter your age Secret
You are I have ten of them and you have a secret about your toes
earth-wind-and-fire:$


First run ... find out what all the defined variables are called. Second run ... start reading those variables. Ouch!
(written 2006-11-30)
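
As an added example (not part of the original article), the program above is redone for Python 3, where raw_input was renamed input and the evaluating version no longer exists: legacy_input reproduces the old behaviour with eval, and read_age handles the same reply as plain text. The function names, the 0 to 150 age range and the sample replies are assumptions made for the illustration.

```python
# Added example (Python 3). Python 2's input(prompt) was equivalent to
# eval(raw_input(prompt)); legacy_input() below reproduces that behaviour so
# the leak can be compared with a parser that treats the reply as data.

Something = "your toes"
Secret = "I have ten of them"


def legacy_input(reply, namespace):
    """Mimic Python 2 input(): evaluate the typed text as an expression."""
    return eval(reply, namespace)  # deliberately unsafe, for comparison only


def read_age(reply, lowest=0, highest=150):
    """Treat the reply as text and accept only a plausible whole number."""
    text = reply.strip()
    # isdecimal() also accepts non-ASCII digits, so require ASCII explicitly
    if not (text.isascii() and text.isdecimal()):
        raise ValueError("age must be a whole number, got %r" % reply)
    age = int(text)
    if not lowest <= age <= highest:
        raise ValueError("age out of range: %d" % age)
    return age


def compare(replies):
    """Return (reply, legacy result, safe result) for each constructed reply."""
    rows = []
    for reply in replies:
        try:
            legacy = legacy_input(reply, dict(globals()))
        except Exception as exc:
            legacy = "error: " + type(exc).__name__
        try:
            safe = read_age(reply)
        except ValueError:
            safe = "rejected"
        rows.append((reply, legacy, safe))
    return rows


# Constructed replies: one honest answer and the two from the session above
SAMPLE_REPLIES = ["42", "Secret", "dir()"]

if __name__ == "__main__":
    for reply, legacy, safe in compare(SAMPLE_REPLIES):
        print("%-8r legacy=%r safe=%r" % (reply, legacy, safe))
```

Python 2 code that must keep running gets the same protection from int(raw_input(...)) wrapped in a ValueError handler.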

 


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/956_.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb