Security Considerations (Python 3.12.4, The Python Standard Library)
The following modules have specific security considerations:
base64: base64 security considerations in RFC 4648
cgi: CGI security considerations
hashlib: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms
http.server is not suitable for production use, only implementing basic security checks. See the security considerations.
logging: Logging configuration uses eval()
multiprocessing: Connection.recv() uses pickle
pickle: Restricting globals in pickle
random shouldn’t be used for security purposes, use secrets instead
shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources
ssl: SSL/TLS security considerations
subprocess: Subprocess security considerations
tempfile: mktemp is deprecated due to vulnerability to race conditions
xml: XML vulnerabilities
zipfile: maliciously prepared .zip files can cause disk volume exhaustion
The -I command line option can be used to run Python in isolated mode. When it cannot be used, the -P option or the PYTHONSAFEPATH environment variable can be used to not prepend a potentially unsafe path to sys.path such as the current directory, the script’s directory or an empty string.
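For the zipfile entry in the list above, one way to bound how much an archive may write to disk. This is an added example, not code from the Python documentation; the names extract_with_budget, ExtractionBudgetExceeded and build_sample_zip are hypothetical, and the sample archive is constructed in memory.

```python
import io
import os
import zipfile

class ExtractionBudgetExceeded(Exception):
    """Raised when an archive would write more bytes than allowed."""

def extract_with_budget(archive, dest_dir, max_total_bytes, chunk_size=64 * 1024):
    """Extract archive (path or file object) into dest_dir while enforcing a
    byte budget on the decompressed output. Returns the number of bytes
    written; files created so far are removed if extraction fails."""
    written = 0
    created = []
    dest_root = os.path.realpath(dest_dir)
    try:
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Early rejection on the size the archive declares for this member.
                if written + info.file_size > max_total_bytes:
                    raise ExtractionBudgetExceeded(info.filename)
                target = os.path.realpath(os.path.join(dest_root, info.filename))
                if os.path.commonpath([dest_root, target]) != dest_root:
                    raise ValueError(f"member escapes destination: {info.filename!r}")
                os.makedirs(os.path.dirname(target), exist_ok=True)
                created.append(target)
                with zf.open(info) as src, open(target, "wb") as dst:
                    while chunk := src.read(chunk_size):
                        written += len(chunk)
                        # Enforce the budget on bytes actually decompressed.
                        if written > max_total_bytes:
                            raise ExtractionBudgetExceeded(info.filename)
                        dst.write(chunk)
    except Exception:
        for path in created:
            if os.path.exists(path):
                os.remove(path)
        raise
    return written

def build_sample_zip(payload_size):
    """Constructed sample: one highly compressible member of payload_size bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data/zeros.bin", b"\0" * payload_size)
    buf.seek(0)
    return buf
```

Pick max_total_bytes from the free space the destination volume can afford to lose, and extract into a dedicated directory so a rejected archive leaves nothing behind.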