Security Considerations
The following modules have specific security considerations:
hashlib
: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithmshttp.server
is not suitable for production use, only implementing basic security checksrandom
shouldn’t be used for security purposes, usesecrets
insteadshelve
: shelve is based on pickle and thus unsuitable for dealing with untrusted sourcestempfile
: mktemp is deprecated due to vulnerability to race conditionszipfile
: maliciously prepared .zip files can cause disk volume exhaustion