The following modules have specific security considerations:
hashlib: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms
http.server is not suitable for production use, only implementing basic security checks. See the security considerations.
random shouldn’t be used for security purposes, use
shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources
tempfile: mktemp is deprecated due to vulnerability to race conditions
zipfile: maliciously prepared .zip files can cause disk volume exhaustion
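
For the zipfile item above, one way to keep an untrusted archive from filling a volume is to extract it under an explicit byte budget. This is an added example, not code from the original page; the names extract_bounded, ArchiveRejected and build_sample_zip, and the limit values, are assumptions chosen for illustration.

```python
import io
import os
import zipfile


class ArchiveRejected(Exception):
    """The archive exceeds the extraction budget or writes outside dest_dir."""


def extract_bounded(source, dest_dir, max_total_bytes, max_members=1000):
    """Extract a zip into dest_dir, capping member count and total output bytes."""
    root = os.path.realpath(dest_dir)
    written = 0
    with zipfile.ZipFile(source) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ArchiveRejected("too many members")
        # Reject early on the sizes the archive declares, before writing anything.
        if sum(i.file_size for i in infos) > max_total_bytes:
            raise ArchiveRejected("declared size exceeds budget")
        for info in infos:
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ArchiveRejected("member path escapes destination")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                # Stream in chunks and count real output, so the cap does not
                # rest on header values alone.
                while block := src.read(64 * 1024):
                    written += len(block)
                    if written > max_total_bytes:
                        raise ArchiveRejected("output exceeds budget")
                    dst.write(block)
    return written


def build_sample_zip(uncompressed_size):
    """Constructed sample: one highly compressible member, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * uncompressed_size)
    return buf.getvalue()
```

Extracting into a dedicated scratch directory makes it simple to discard partial output when ArchiveRejected is raised mid-stream.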
The -I command line option can be used to run Python in isolated mode. When it cannot be used, the -P option or the PYTHONSAFEPATH environment variable can be used to not prepend a potentially unsafe path to sys.path such as the current directory, the script’s directory or an empty string.