Navigation

  • index
  • modules |
  • next |
  • previous |
  • Python »
  • 3.9.7 Documentation »
  • The Python Standard Library »
  • |

Security Considerations¶

The following modules have specific security considerations:

  • cgi: CGI security considerations

  • hashlib: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms

  • http.server is not suitable for production use, only implementing basic security checks

  • logging: Logging configuration uses eval()

  • multiprocessing: Connection.recv() uses pickle

  • pickle: Restricting globals in pickle

  • random shouldn’t be used for security purposes, use secrets instead

  • shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources

  • ssl: SSL/TLS security considerations

  • subprocess: Subprocess security considerations

  • tempfile: mktemp is deprecated due to vulnerability to race conditions

  • xml: XML vulnerabilities

  • zipfile: maliciously prepared .zip files can cause disk volume exhaustion

Previous topic

Undocumented Modules

Next topic

Extending and Embedding the Python Interpreter

This Page

  • Report a Bug
  • Show Source

Navigation

  • index
  • modules |
  • next |
  • previous |
  • Python »
  • 3.9.7 Documentation »
  • The Python Standard Library »
  • |
© Copyright 2001-2021, Python Software Foundation.
The Python Software Foundation is a non-profit corporation. Please donate.

Last updated on Oct 02, 2021. Found a bug?
Created using Sphinx 2.4.4.