Python Programming Glossary: attacker
pyramid AuthTktAuthenticationPolicy secret parameter (http://stackoverflow.com/questions/12765349/pyramid-authtktauthenticationpolicy-secret-parameter): "... possession of that secret can create these cookies; if an attacker ever got hold of it he could generate authentication cookies ..."
python passlib: what is the best value for "rounds" (http://stackoverflow.com/questions/13545677/python-passlib-what-is-the-best-value-for-rounds): "... 2 n 31 rounds ... days is the number of days before the attacker has a 50/50 chance of guessing the password. dollars is the attackers' hardware budget in USD. n is the average amount of entropy ... if an average password has 32 bits of entropy and the attacker has a 2000 system with a good GPU then at 30000 rounds they ..."
Create a temporary FIFO (named pipe) in Python? (http://stackoverflow.com/questions/1430446/create-a-temporary-fifo-named-pipe-in-python): "... is the race condition where it is possible for an attacker to create a file with the same name before you open it yourself ... usual security issues that need to be considered, e.g. an attacker could create the fifo if they had suitable permissions before ..."
Obfuscating python bytecode through interpreter mutation (http://stackoverflow.com/questions/14997414/obfuscating-python-bytecode-through-interpreter-mutation): "... some security measures inside your program. However an attacker might be able, for example, to extract your custom Python interpreter ... some modules from the Python standard library. If an attacker guesses that you have shuffled the opcodes he could do a byte ... as mentioned in the updated question. This forces the attacker to use machine code debugging to look for the decryption code ..."
Why the order in Python dictionaries is arbitrary? (http://stackoverflow.com/questions/15479928/why-the-order-in-python-dictionaries-is-arbitrary): "... to prevent certain types of denial of service where an attacker renders a Python server unresponsive by causing mass hash collisions ..."
How safe is expression evaluation using eval? (http://stackoverflow.com/questions/1994071/how-safe-is-expression-evaluation-using-eval): "... to use eval even with built-ins emptied and blocked; the attacker can start with a literal, get its __class__, etc. etc. up to object ... is just too strong to stand up to a skilled, determined attacker. ast.literal_eval is safe if you can live by its limitations ..."
Why is using thread locals in Django bad? (http://stackoverflow.com/questions/3227180/why-is-using-thread-locals-in-django-bad): "... class. I don't find that argument convincing though; if an attacker can execute arbitrary Python code as your backend your system ..."
Encrypting a file with RSA in Python (http://stackoverflow.com/questions/6309958/encrypting-a-file-with-rsa-in-python): "... data with RSA. The most obvious concern is that the attacker knows the public key and can therefore attempt to guess the plaintext: if the attacker thinks the plaintext may be swordfish then the attacker can encrypt swordfish with the RSA public key and compare the ..."
How do I check if a file exists using Python? (http://stackoverflow.com/questions/82831/how-do-i-check-if-a-file-exists-using-python): "... that can often lead to security vulnerabilities. An attacker can create a symlink to an arbitrary file immediately after ..."
python eval vs ast.literal_eval vs JSON decode (http://stackoverflow.com/questions/9949533/python-eval-vs-ast-literal-eval-vs-json-decode): "... might read untrusted data one day and this would allow an attacker to run arbitrary code on your machine. You shouldn't use ast.literal_eval ..."