Security Considerations
The following modules have specific security considerations:
hashlib: all constructors take a "usedforsecurity" keyword-only argument disabling known insecure and blocked algorithms
http.server is not suitable for production use, only implementing basic security checks. See the security considerations.
random shouldn't be used for security purposes, use secrets instead
shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources
tempfile: mktemp is deprecated due to vulnerability to race conditions
zipfile: maliciously prepared .zip files can cause disk volume exhaustion
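
For the zipfile item, one way to bound what an untrusted archive can consume before and during decompression. This is an added example, not code from the Python documentation; the budget values and the names check_declared, read_members, build_sample and ArchiveRejected are assumptions made for illustration.

```python
import io
import zipfile

# Budgets are assumptions for illustration; tune them per application.
MAX_MEMBERS, MAX_TOTAL_BYTES, MAX_RATIO = 1000, 50 * 1024 * 1024, 100

class ArchiveRejected(Exception):
    """The archive exceeds the extraction budget."""

def check_declared(zf):
    """Reject on header metadata alone, before any decompression; return total."""
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        raise ArchiveRejected(f"too many members: {len(infos)}")
    total = sum(i.file_size for i in infos)
    if total > MAX_TOTAL_BYTES:
        raise ArchiveRejected(f"declared size {total} exceeds budget")
    for i in infos:
        # An extreme ratio is the signature of a decompression bomb.
        if i.file_size > MAX_RATIO * max(i.compress_size, 1):
            raise ArchiveRejected(f"suspicious compression ratio: {i.filename}")
    return total

def read_members(source):
    """Return {name: bytes}, counting the bytes actually produced."""
    out, remaining = {}, MAX_TOTAL_BYTES
    with zipfile.ZipFile(source) as zf:
        check_declared(zf)
        for info in zf.infolist():
            if info.is_dir():
                continue
            chunks = []
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    remaining -= len(chunk)
                    if remaining < 0:  # header understated the real size
                        raise ArchiveRejected("decompressed data exceeds budget")
                    chunks.append(chunk)
            out[info.filename] = b"".join(chunks)
    return out

def build_sample(payload):
    """Constructed sample input: a one-member in-memory archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data.bin", payload)
    buf.seek(0)
    return buf
```

When writing members to disk instead of returning bytes, apply the same running byte count to the output stream so a rejected archive stops consuming the volume as soon as the budget is crossed.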