[Zope] Re: [Fwd: [USN-359-1] Python vulnerability]

Tres Seaver tseaver at palladion.com
Sat Oct 7 19:07:28 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Jung wrote:
> 
> 
> --On 6. Oktober 2006 12:32:51 -0400 Tres Seaver <tseaver at palladion.com>
> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Chris Withers wrote:
>>> ouch... I'd imagine Zope is vulnerable to this?
>>>
> 
>> What source version(s) of python have these problems fixed?
>>  If you build
>> Python using the default config, it uses UCS2 (which is a better choice
>> for long-running appservers, anyway).
> 
> Why should be UCS2 the better choice (except for the reduced memory usage)?

That *is* the reason -- doubling the storage required for Unicode
strings provides no benefit, unless most of the strings you use are in
codepoint ranges which require escaping in UCS2 (which won't be true for
sites using "Western" languages, anyway).

Zope is RAM-hungry enough, without that overhead.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFKDMv+gerLs4ltQ4RAjSeAKCi8wwEVg5ZLD93OC3/IuQVkx6auQCeOPKw
5NF4/ffEGbKEh50RKvY6fFY=
=WGr4
-----END PGP SIGNATURE-----


More information about the Zope mailing list