Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
 
For 2021 - online Python 3 training - see ((here)).

Our plans were to retire in summer 2020 and see the world, but Coronavirus has lead us into a lot of lockdown programming in Python 3 and PHP 7.
We can now offer tailored online training - small groups, real tutors - works really well for groups of 4 to 14 delegates. Anywhere in the world; course language English.

Please ask about private 'maintenance' training for Python 2, Tcl, Perl, PHP, Lua, etc.
Python security - trouble with input

The danger of Python's input function - also known as giving away your secrets to your user.

If you're writing a Python program and asking your user for input, you should always use the raw_input function and never input. Why? Because what you type to input is interpretted through an expression and the result is saved into your target variable ... so not only does input assume that your user knows Python syntax, but it also opens some great little security holes.

Look at this program.

Something = "your toes"
Secret = "I have ten of them"

value = input("Please enter your age ")
print "You are",value,
print "and you have a secret about",Something


And look how easy it is to find out all the variables that are used inthe program, and their contents:

earth-wind-and-fire$ python dain
Please enter your age dir()
You are ['Secret', 'Something', '__builtins__', '__doc__', '__file__', '__name__'] and you have a secret about your toes
earth-wind-and-fire:$ python dain
Please enter your age Secret
You are I have ten of them and you have a secret about your toes
earth-wind-and-fire:$


First run ... find out what all the defined variables are called. Second run ... start reading those variables. Ouch!
(written 2006-11-30)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
Y102 - Python - Fundamentals
  [328] Making programs easy for any user to start - (2005-05-29)
  [633] Copying a reference, or cloning - (2006-03-05)
  [748] Getting rid of variables after you have finished with them - (2006-06-06)
  [1430] Integer v float - Python - (2007-11-12)
  [1448] Question on division (Java) - Also Perl, PHP, Python ... - (2007-11-28)
  [1461] Python - input v raw input - (2007-12-06)
  [1878] Pascals Triangle in Python and Java - (2008-11-10)
  [2368] Python - fresh examples of all the fundamentals - (2009-08-20)
  [2442] Variable storage - Perl, Tcl and Python compared - (2009-10-08)
  [2778] Learning to program in Python 2 ... and / or in Python 3 - (2010-05-24)
  [3083] Python - fresh examples from recent courses - (2010-12-11)
  [3181] Beware - a=a+b and a+=b are different - Python - (2011-02-23)
  [3278] Do I need to initialise variables - programming in C, C++, Perl, PHP, Python, Ruby or Java. - (2011-05-05)
  [3551] Some terms used in programming (Biased towards Python) - (2011-12-12)
  [3886] Formatting output - why we need to, and first Python example - (2012-10-09)
  [3917] BODMAS - the order a computer evaluates arithmetic expressions - (2012-11-09)
  [4324] Learning to program - variables and constants - (2014-11-22)
  [4442] Mutable v Immuatble objects in Python, and the implication - (2015-02-24)
  [4712] A reminder of the key issues to consider in moving from Python 2 to Python 3 - (2016-10-30)


Back to
Python collections - mutable and imutable
Previous and next
or
Horse's mouth home
Forward to
Improving the historic town of Melksham
Some other Articles
1st, 2nd, 3rd revisited in Ruby
It's the 1st, not the 1nd 1rd or 1th.
Plain Ole nice pictures
Improving the historic town of Melksham
Python security - trouble with input
Python collections - mutable and imutable
Splitting Pythons in Bradford
Christmas in November
Coming from London to Melksham by train for a course
What happened at Geekmas
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2021: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/956_Pyth ... input.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb