note about security, fixes #38

commit 3de6603cf88a7fe3d91033495260545ad12fd88b 1 parent 86eb8f2
Dave Halter authored
Showing with 10 additions and 0 deletions.
  1. +10 −0 README.rst
10 README.rst
@@ -136,6 +136,16 @@ the first time. If you want to speed it up, you could write import hooks in
jedi, which preloads this stuff. However, once loaded, this is not a problem
anymore. The same is true for huge modules like ``PySide``, ``wx``, etc.
+Security is an important issue for Jedi. Therefore no Python code is executed.
+As long as you write pure python, everything is evaluated statically. But: If
+you use builtin modules (`c_builtin`) there is no other option than to execute
+those modules. However: Execute isn't that critical (as e.g. in pythoncomplete,
+which used to execute *every* import!), because it means one import and no
+more. So basically the only dangerous thing is using the import itself. If your
+`c_builtin` uses some strange initializations, it might be dangerous. But if it
+does you're screwed anyways, because eventualy you're going to execute your
+code, which executes the import.
+
A little history
================
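Review bot: The opening added sentence, "Therefore no Python code is executed", is contradicted two sentences later, where the paragraph says builtin modules (`c_builtin`) are executed through an import. Since this is the security note users will rely on, the absolute claim should be narrowed, for example "Jedi does not execute the Python source it analyses; compiled builtin modules are imported once, which runs their initialization code". It would also help to say that the trust boundary is therefore whichever compiled modules the analysed code imports, rather than ending on "you're screwed anyways". Two smaller points in the same paragraph: `c_builtin` is written with single backticks while the surrounding context uses double backticks (``PySide``, ``wx``) for literals, and "eventualy" should be "eventually".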