Training, Open Source computer languages

PerlPHPPythonMySQLhttpd / TomcatTclRubyJavaC and C++LinuxCSS

Search our site for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
Python security - trouble with input
The danger of Python's input function - also known as giving away your secrets to your user.

If you're writing a Python program and asking your user for input, you should always use the raw_input function and never input. Why? Because what you type to input is interpretted through an expression and the result is saved into your target variable ... so not only does input assume that your user knows Python syntax, but it also opens some great little security holes.

Look at this program.

Something = "your toes"
Secret = "I have ten of them"

value = input("Please enter your age ")
print "You are",value,
print "and you have a secret about",Something

And look how easy it is to find out all the variables that are used inthe program, and their contents:

earth-wind-and-fire$ python dain
Please enter your age dir()
You are ['Secret', 'Something', '__builtins__', '__doc__', '__file__', '__name__'] and you have a secret about your toes
earth-wind-and-fire:$ python dain
Please enter your age Secret
You are I have ten of them and you have a secret about your toes
earth-wind-and-fire:$

First run ... find out what all the defined variables are called. Second run ... start reading those variables. Ouch!
(written 2006-11-30 07:53:25)

 
Associated topics are indexed under
Y102 - Python - Fundamentals

Back to
Python collections - mutable and imutable
 Previous and next
or
Horse's mouth home		 Forward to
Improving the historic town of Melksham

Some other Articles
1st, 2nd, 3rd revisited in Ruby
It's the 1st, not the 1nd 1rd or 1th.
Plain Ole nice pictures
Improving the historic town of Melksham
Python security - trouble with input
Python collections - mutable and imutable
Splitting Pythons in Bradford
Christmas in November
Coming from London to Melksham by train for a course
What happened at Geekmas
1637 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
Public Course Enquiry / Booking
Courses that run regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Related short articles
Using a utility method to construct objects of different types - Python
Tektronix 4010 series / Python Tuples
Gant charts - drawing them with a PHP script
Underlining in Perl and Python - the x and * operator in use
Replacing the last comma with an and
Strange behaviour of web directory requests without a trailing slash
Getting somewhere with the train service
Advanced Python, Perl, PHP and Tcl training courses / classes
Are nasty programs looking for security holes on your server?
Teaching Object Oriented Java with Students and Ice Cream
Short and sweet and sticky - PHP form input
Python - formatting objects
Perl, PHP or Python? No - Perl AND PHP AND Python!
Perl, PHP, Python, Tcl, Linux, MySQL, Ruby courses ...
Python Script - easy examples of lots of basics
Python - input v raw input
Question on division (Java) - Also Perl, PHP, Python ...
Above the fold with First Great Western
Integer v float - Python
Buffering of inputs to expect, and match order
Perl - progress bar, supressing ^C and coping with huge data flows
Using PHP to upload images / Store on MySQL database - security questions
Load Balancing with Apache mod_jk (httpd/Tomcat)
Python v Ruby
Look forward with a new broom - Wiltshire Train Service
Tk locks up - 100% c.p.u. on a simple program (Tcl, Perl, Python)
Handling Binary data in Tcl (with a note on C)
2008 course schedule - Perl, Python, PHP, Linux, Java Deployment, Ruby and more
Filtering and altering Perl lists with grep and map
Python class rattling around
Last elements in a Perl or Python list
Keep in touch with PHP, Perl, Python and old friends too
Trying things in Python
Outputting numbers as words - MySQL with Perl or PHP
Returning multiple values from a function (Perl, PHP, Python)
No switch in Python
Back off home with our best wishes
A pu that got me into trouble
Turning objects into something you can store - Pickling (Python)
Python decorators - wrapping a method call in extra code
__new__ v __init__ - python constructor alternatives?
Using a list of keys and a list of values to make a dictionary in Python - zip
Python dictionary for quick look ups
Python GTK - Widget, Packing, Event and Feedback example
Buffering output - why it is done and issues raised in Tcl, Perl, Python and PHP
Function / method parameters with * and ** in Python
MySQL - Password security (authentication protocol)
Sharing the load with Apache httpd and perhaps Tomcat
Python - two different splits
Sample script - FTP to get a file from within PHP
Rail trouble forced me to buy hotel
Sending an email from Python
Nested exceptions in Python
Python Qt, wX, TkInter, and Jython - training??
Positioning with Cascading Style Sheets
String duplication - x in Perl, * in Python and Ruby
Python security - trouble with input
Python collections - mutable and imutable
Splitting Pythons in Bradford
Python and the Magic Roundabout
Sludge off the mountain, and Python and PHP
Matching within multiline strings, and ignoring case in regular expressions
Swipe cards for hotel rooms - Security issues
Python - A list of methods
Recursion in Python
Python is like a narrowboat
Pieces of Python
Python - listing out the contents of all variables
Python - function v method
Python - extend v append on a list
Is Perl being replaced by PHP and Python?
Build on what you already have with OO
Python - when to use the in operator
Python makes University Challenge
Comparison of Object Oriented Philosophy - Python, Java, C++, Perl
Where to go within 30 minutes of Melksham
No news is good news with Unix and Linux
Dynamic functions and names - Python
A bad place for security firms
New - Conditional expressions in Python 2.5
Tk - laying out your GUI with frames, pack and grid
Horse and Python training
Python 3000 - the next generation
Getting rid of variables after you have finished with them
Python modules. The distribution, The Cheese Shop and the Vaults of Parnassus.
Reading the newspaper and working with other restrictions
Linux training Glasgow, Python programming course Dundee
Python - block insets help with documentation
Python to MySQL
The ternary operator in Python
Please Register with Opentalk - but just once!
Design your day with a walk
PHP - setting sort order with an associative array
Add a friendly front end with Tk
Robust PHP user inputs
Looking for Python staff
Loosing breath with Gerald
What to do with milk
Python's Generator functions
Repeating tasks with crontab
A company we can work with
Python printf
Running a Perl script within a PHP page
I wanna be a Python trainer
Accessing a page via POST from within a PHP script
Difference between import and from in Python
Functions and commands with dangerous names
Overloading of operators on standard objects in Python
Central London Courses - Perl, PHP, Python, Tcl, MySQL
Exceptions in Python
Chicken soup without the religion
The backtick operator in Python and Perl
Within about an hour
Lambdas in Python
Using a Python dictionary as a holder of object attributes
Python generator functions, lambdas, and iterators
Elegant languages - Perl, PHP, Python
Searching security holes
Difficulties with a trolley
Crossfertilisation, PHP to Python
Cheap purchase - votes paid for with selfish promises
Fox and Python
Python engines
The elegance of Python
Perl - redo and last without a loop
Can't resist writing about Python
Python is a fabulous language
Near and far security
Security and Safety
Python training
© WELL HOUSE CONSULTANTS LTD., 2008: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 707126 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho