
Semi-closing a hole

Posted Apr 12, 2012 16:09 UTC (Thu) by iabervon (subscriber, #722)
In reply to: Semi-closing a hole by man_ls
Parent article: Python 2.6.8, 2.7.3, 3.1.5, and 3.2.3 security release

I think the test repeatability issue would be best solved by having the test framework able to select the random hash. One of the biggest things that's made my test code easier to write is having the framework cause the function that returns the current time to return a constant instead of the actual time. Then there's something to have the random password salt be a particular value. Along with those, it's quite reasonable to have the hash order be fixed. (For that matter, it would even be nice to tie all these together, so that your application generates obviously-wrong times if your hash isn't random, so you'll notice.)



Semi-closing a hole

Posted Apr 12, 2012 16:58 UTC (Thu) by dskoll (subscriber, #1630)

Even that might fail if newer versions of Python change the hash function. I think the only sane approach is for the test framework to sort the hash keys into a canonical order for comparison.
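
The two approaches discussed in this thread, side by side, as an added example that is not part of either comment: pinning the hash seed for a test run versus comparing keys in a canonical (sorted) order. It assumes a CPython with hash randomization and the interpreter's `PYTHONHASHSEED` environment variable; the helper names and the sample key set are constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed sample: a child program that prints the iteration order of a
# set of strings. String hashes, and so the set's order, depend on the
# per-process hash seed.
CHILD = ("print(','.join({'alpha', 'bravo', 'charlie', 'delta', "
         "'echo', 'foxtrot', 'golf', 'hotel'}))")


def set_order(seed):
    """Run CHILD in a fresh interpreter with PYTHONHASHSEED=seed."""
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    result = subprocess.run([sys.executable, "-c", CHILD], env=env,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip().split(",")


def orders_for_seeds(seeds):
    """Map each seed to the raw iteration order it produces."""
    return {seed: set_order(seed) for seed in seeds}


def pinned_seed_is_repeatable(seed=1234):
    """First approach: the framework fixes the seed, so two runs agree.
    This holds only for one interpreter build; a release that changes the
    hash function can change the order even with the same seed."""
    return set_order(seed) == set_order(seed)


def canonical(keys):
    """Second approach: sort keys before comparing, so the assertion does
    not depend on the seed or on the hash function at all."""
    return sorted(keys)


def canonical_matches_across_seeds(seeds):
    views = [canonical(set_order(seed)) for seed in seeds]
    return all(view == views[0] for view in views)


if __name__ == "__main__":
    for seed, order in orders_for_seeds(range(1, 6)).items():
        print(seed, order)
    print("pinned seed repeatable:", pinned_seed_is_repeatable())
    print("canonical order stable:", canonical_matches_across_seeds(range(1, 6)))
```
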

