funsec mailing list archives
Re: Google, Python, and the future of AJAX applications
From: Valdis.Kletnieks () vt edu
Date: Tue, 14 Mar 2006 14:30:06 -0500
On Sun, 12 Mar 2006 12:02:45 EST, "Richard M. Smith" said:
Python, on the other hand, has much richer collection of runtime libraries. In addition, Python has already even been integrated into Internet Explorer using Microsoft's ActiveScripting interface. This support includes full access to Document Object Model (DOM) of Web pages.
Oh great- active code *again*, only this time it will include an actual runtime so the bad guys can actually program stuff... And the security model is what, exactly?
The second piece of work for Google is to do a complete security review of a Python runtime system to make sure all dangerous runtime functions such as file I/O and the program execution functions are turned off. Unfortunately, Python has had some problems with security in the past when used in Internet Explorer. (See http://tinyurl.com/mfoxb)
Egg-zactly.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- Re: Google, Python, and the future of AJAX applications Florian Weimer (Mar 12)
- Re: Google, Python, and the future of AJAX applications Paul Vixie (Mar 12)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- RE: Google, Python, and the future of AJAX applications Larry Seltzer (Mar 12)
- Re: Google, Python, and the future of AJAX applications Drsolly (Mar 13)
- Re: Google, Python, and the future of AJAX applications Paul Vixie (Mar 13)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 12)
- Re: Google, Python, and the future of AJAX applications Valdis . Kletnieks (Mar 14)
- RE: Google, Python, and the future of AJAX applications Richard M. Smith (Mar 14)