Security Considerations
The following modules have specific security considerations:
- hashlib: all constructors take a "usedforsecurity" keyword-only argument disabling known insecure and blocked algorithms
- http.server is not suitable for production use, only implementing basic security checks. See the security considerations.
- random shouldn't be used for security purposes, use secrets instead
- shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources
- tempfile: mktemp is deprecated due to vulnerability to race conditions
- zipfile: maliciously prepared .zip files can cause disk volume exhaustion
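
One way to guard against the zipfile disk-exhaustion case listed above, shown as an added example that is not part of the original page: decompress under a caller-supplied byte budget rather than extracting blindly. The names `read_zip_with_budget`, `ZipBudgetExceeded` and `build_sample_zip`, and the limits used, are assumptions for illustration; the sample archive is constructed in memory.

```python
import io
import zipfile

class ZipBudgetExceeded(Exception):
    """The archive would expand past the caller's limits."""

def read_zip_with_budget(data, max_total_bytes, max_members=1000, chunk=64 * 1024):
    """Decompress all members into memory, enforcing a total byte budget.

    Returns {member name: bytes}; raises ZipBudgetExceeded on any limit.
    """
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ZipBudgetExceeded(f"{len(infos)} members > {max_members}")
        # Cheap early rejection based on the sizes the archive declares.
        declared = sum(i.file_size for i in infos)
        if declared > max_total_bytes:
            raise ZipBudgetExceeded(f"declared {declared} bytes > budget")
        for info in infos:
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as member:
                # Count bytes as they are produced instead of calling read()
                # once, so expansion stops as soon as the budget is crossed.
                while piece := member.read(chunk):
                    total += len(piece)
                    if total > max_total_bytes:
                        raise ZipBudgetExceeded(f"output > {max_total_bytes} bytes")
                    buf += piece
            out[info.filename] = bytes(buf)
    return out

def build_sample_zip(payload_size):
    """Constructed sample: one highly compressible member made of zero bytes."""
    raw = io.BytesIO()
    with zipfile.ZipFile(raw, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * payload_size)
    return raw.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip(2 * 1024 * 1024)
    print("archive bytes:", len(sample))
    print("within 4 MiB budget:", len(read_zip_with_budget(sample, 4 << 20)["zeros.bin"]))
    try:
        read_zip_with_budget(sample, 1 << 20)
    except ZipBudgetExceeded as exc:
        print("rejected:", exc)
```

The same loop applies when writing to disk: replace the `bytearray` with a file opened in a directory you control and keep the running total across members.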