.. versionadded:: 3.6
:func:`blake2b` and :func:`blake2s` were added.
+.. _hashlib-usedforsecurity:
+
.. versionchanged:: 3.9
All hashlib constructors take a keyword-only argument *usedforsecurity*
with default value ``True``. A false value allows the use of insecure and
send it to the socket as a sequence of bytes preceded by a four-byte length
string packed in binary using ``struct.pack('>L', n)``.
+ .. _logging-eval-security:
+
.. note::
Because portions of the configuration are passed through
>>> arr2
array('i', [0, 1, 2, 3, 4, 0, 0, 0, 0, 0])
+.. _multiprocessing-recv-pickle-security:
.. warning::
--- /dev/null
+.. _security-warnings:
+
+.. index:: single: security considerations
+
+Security Considerations
+=======================
+
+The following modules have specific security considerations:
+
+* :mod:`cgi`: :ref:`CGI security considerations <cgi-security>`
+* :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only
+ argument disabling known insecure and blocked algorithms
+ <hashlib-usedforsecurity>`
+* :mod:`http.server` is not suitable for production use, only implementing
+ basic security checks
+* :mod:`logging`: :ref:`Logging configuration uses eval()
+ <logging-eval-security>`
+* :mod:`multiprocessing`: :ref:`Connection.recv() uses pickle
+ <multiprocessing-recv-pickle-security>`
+* :mod:`pickle`: :ref:`Restricting globals in pickle <pickle-restrict>`
+* :mod:`random` shouldn't be used for security purposes, use :mod:`secrets`
+ instead
+* :mod:`shelve`: :ref:`shelve is based on pickle and thus unsuitable for
+ dealing with untrusted sources <shelve-security>`
+* :mod:`ssl`: :ref:`SSL/TLS security considerations <ssl-security>`
+* :mod:`subprocess`: :ref:`Subprocess security considerations
+ <subprocess-security>`
+* :mod:`tempfile`: :ref:`mktemp is deprecated due to vulnerability to race
+ conditions <tempfile-mktemp-deprecated>`
+* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
+ exhaustion <zipfile-resources-limitations>`
Such as allowable characters in the directory entries, length of the file name,
length of the pathname, size of a single file, and number of files, etc.
+.. _zipfile-resources-limitations:
+
Resources limitations
~~~~~~~~~~~~~~~~~~~~~
projects / thirdparty / Python / cpython.git / commitdiff
