funsec mailing list archives

Re: Google, Python, and the future of AJAX applications


From: Valdis.Kletnieks () vt edu
Date: Tue, 14 Mar 2006 14:30:06 -0500

On Sun, 12 Mar 2006 12:02:45 EST, "Richard M. Smith" said:

> Python, on the other hand, has a much richer collection of runtime libraries.
> In addition, Python has already even been integrated into Internet Explorer
> using Microsoft's ActiveScripting interface.  This support includes full
> access to the Document Object Model (DOM) of Web pages.

Oh great- active code *again*, only this time it will include an actual
runtime so the bad guys can actually program stuff...

And the security model is what, exactly?  

> The second piece of work for Google is to do a complete security review of a
> Python runtime system to make sure all dangerous runtime functions such as
> file I/O and the program execution functions are turned off.  Unfortunately,
> Python has had some problems with security in the past when used in Internet
> Explorer.  (See http://tinyurl.com/mfoxb)

Egg-zactly.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
