# I think Python is not a secure language.



## fender0107401 (Oct 3, 2011)

For example, see the following code:


```
#!/usr/bin/env python

import time, random

current_time = time.gmtime()

random.seed(current_time)

x = [1, 2]
y = [1, 2]

for i in x:
        for j in y:
                result = random.random()
                print str(result)
```


```
#!/usr/bin/env python

import time, random

current_time = time.gmtime()

random.seed(current_time)

x = [1, 2]
y = [1, 2]

for i in x:
        for j in y:
                result = random.random()

        print str(result)
```


```
#!/usr/bin/env python

import time, random

current_time = time.gmtime()

random.seed(current_time)

x = [1, 2]
y = [1, 2]

for i in x:
        for j in y:
                result = random.random()

print str(result)
```

They are similar and they are absolutely valid, but they are different.

In other words, when writing in Python we have to pay too much attention to the indentation.

x(
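An added example, not part of the post above: it uses `ast` to report which loop each `print` belongs to and counts how often it runs, for constructed Python 3 ports of the three variants. The names `VARIANTS`, `print_depths` and `run_count` are made up for this illustration, and the seed is fixed at 0 instead of the time-based seed in the post.

```python
import ast

# Constructed Python 3 ports of the three variants; only the indentation
# of the final print line differs between them.
HEAD = (
    "import random\n"
    "random.seed(0)\n"
    "for i in [1, 2]:\n"
    "    for j in [1, 2]:\n"
    "        result = random.random()\n"
)
VARIANTS = {
    "inner loop": HEAD + "        print(result)\n",
    "outer loop": HEAD + "    print(result)\n",
    "module level": HEAD + "print(result)\n",
}


def print_depths(source):
    """Return the loop-nesting depth of every print() call in source."""
    depths = []

    def visit(node, depth):
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "print":
            depths.append(depth)
        # Children of a loop node are one level deeper than the loop itself.
        inside = depth + isinstance(node, (ast.For, ast.While))
        for child in ast.iter_child_nodes(node):
            visit(child, inside)

    visit(ast.parse(source), 0)
    return depths


def run_count(source):
    """Run source with print swapped for a recorder; return the call count."""
    calls = []
    env = {"print": lambda *args: calls.append(args)}
    exec(compile(source, "<variant>", "exec"), env)
    return len(calls)


if __name__ == "__main__":
    for name, src in VARIANTS.items():
        print(name, "depth:", print_depths(src), "prints:", run_count(src))
```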


----------



## SirDice (Oct 3, 2011)

This has nothing to do with the security of the language.


----------



## vermaden (Oct 3, 2011)

@fender0107401

1. The programmer is responsible for security, not the language
2. Use and KNOW the tools You use; such things can be unknown to people who see Python for the first time, but not to people who use it all the time


----------



## fender0107401 (Oct 3, 2011)

I don't know why Python is popular.

This could cause some potential problems which are very difficult to find.


----------



## vermaden (Oct 3, 2011)

fender0107401 said:

> This could cause some potential problems which are very difficult to find.



Seems that You haven't tried C/C++/Java yet. Write the same quite complicated and graphical application in both Python and C (let's say GTK2) and we will get back to that discussion.


----------



## kpedersen (Oct 3, 2011)

You could always write a script that converts { and } into a different number of tabs depending on their depth. Then you can write python with {'s instead of \t's 

I must admit though, I personally don't like code that has different meaning depending on the whitespace, but I appreciate that it must help forcing programmers to indent correctly.


----------



## aragon (Oct 3, 2011)

kpedersen said:

> I appreciate that it must help forcing programmers to indent correctly.


I'm not sure it helps that much.  The tabs vs. spaces friction continues...


----------



## kpedersen (Oct 3, 2011)

lol true. I tend to use 2 spaces per indent so the tabs would end up driving me crazy.

You could always write a script that converts... etc...


----------



## dh (Oct 3, 2011)

Pseudoproblem... configure your editor properly and Python is the best language in the world.


----------



## expl (Oct 3, 2011)

fender0107401 said:

> I don't know why Python is popular.
> 
> This could cause some potential problems which are very difficult to find.



There is always lang/ruby. Python is so simple and intuitive, I do not see why you rage about this.


----------



## fwaggle (Oct 3, 2011)

I don't much care for whitespace having syntactical meaning, but I have a lot of fun programming Python. I wish I was better at it.

Sure it's easier to have the script still compile if you screw up your indentation, as opposed to say misplacing a brace... but still. This is not a huge issue, and it's certainly not a "security" issue.


----------



## DutchDaemon (Oct 4, 2011)

I think we're in some linguistic quicksand here with the word 'secure'. I think OP meant to use 'secure' as in 'a secure job', i.e. trustworthy, dependable, predictable. So no 'danger' or 'attack' was intended here, I think.


----------



## ChalkBored (Oct 4, 2011)

Something that's easy to make mistakes in, means that it's easy to write buggy code, which leads to being a security issue. But it's easier to keep track of indentation than brackets or parentheses.


```
#!/usr/bin/env python

"""Harmless Multiline Comment
	about symbols such as &$(#&(*$\"""

import time, random

current_time = time.gmtime()

random.seed(current_time)

x = [1, 2]
y = [1, 2]

for i in x:
        for j in y:
                result = random.random()
                print str(result)
```

Easy peasy.


----------



## BlueM00n (Oct 4, 2011)

Nothing to do with insecurity. I've actually heard a lot of good things about Python. Personally prefer PHP just because it's what I've always coded in.


----------



## roddierod (Oct 4, 2011)

fwaggle said:

> I don't much care for whitespace having syntactical meaning, but I have a lot of fun programming Python. I wish I was better at it.



When I first started looking into Python I really thought this was going to be a huge issue also. All I could think was, oh this is going to be like coding COBOL! But it is not the same as COBOL which was a great relief. 

I also use two spaces per indentation and have not had issues finding mis-matched indentation.


----------



## Carpetsmoker (Oct 4, 2011)

I use two-space indentation for pretty much everything ...

I do agree that this *can* be a bit of an issue if you're not careful; having code nested several levels deep, it can be a bit difficult to see just how much to indent your statement -- and as the OP pointed out, this can make a large difference!

This is also a problem with "curly braces" languages though! Although the braces can make it a bit easier (shift+5 for the Vim users).
PEP 20 also has some useful advice here:


> Flat is better than nested.



I think this is true for *any* language, not just Python.

In the example the OP posted it's obvious what is going on, if it's not obvious anymore, you may want to rethink your code, Python more or less *forces* this, many other languages allow more "sloppy" code, making life much more difficult for people who need to maintain the code down the line. One of the key insights of Python is that code is read much more often, and making it easy to read is more important than making it easy to write.

There are some other downsides to the significant whitespace, like the inability to easily copy/paste code ... 

At the same time, it also provides a bunch of *advantages*: it provides very clean and readable syntax and it forces the programmer to use proper indentation. Most serious/pro developers do this anyway in *any* language, but all pro developers also know there are masses of not-so-pro developers out there.
Improperly indented JavaScript or PHP code with the curly braces on the same line as the if/for/foreach statement seems to be the norm rather than the exception, for example ...


----------



## Bellum (Oct 5, 2011)

Keeping track of indentation is much more intuitive than keeping track of braces. :/


----------



## olav (Oct 12, 2011)

That is so true, Bellum.
The thing I really love most about Python is that it is so easy to read and most people who code Python use spaces instead of tabs.

I do prefer four space indents instead of two. Like Linus says, if you need more than three indents, you're doing it wrong!


----------



## Bellum (Oct 13, 2011)

Most text editors and IDEs have a feature that converts tabs to spaces, and for good reason. Really, spaces are best for programming. I use four as well, though I've read somewhere that the ideal number is 3.


----------



## Carpetsmoker (Oct 13, 2011)

If you use tabs you can set the indentation to whatever *you* prefer. Not so with "hard-coded" spaces.


----------



## fwaggle (Oct 13, 2011)

Carpetsmoker said:

> If you use tabs you can set the indentation to whatever *you* prefer. Not so with "hard-coded" spaces.



Yeah, I absolutely can't stand working on code that's indented with spaces for this reason. If you want more screen width, or want to check out something that's deeply nested, you simply set the tab width to 1 or 2. If you need to see the indentation for some reason, then set it to 8. Unfortunately some parts of style(9) mess with this, with things like half-tabs of four spaces and so on, but for the most part it works well.

It lets the preference be up to the person running the editor of how much white space is wasted just to make code readable. The idea that "tabs are 8 spaces and 8 spaces is too wide so let's just use 3 in all our code" is just foolish, IMHO.
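An added example tied to the tabs-versus-spaces exchange in this thread, not part of any post: in Python source, a line indented with a tab next to a line indented with spaces appears at a different nesting level depending on the editor's tab width, and Python 3 rejects such a file with `TabError`. The sample source and the names `check`, `audit` and `grant` in it are constructed for the illustration.

```python
# Constructed sample: line 2 is indented with 8 spaces, line 3 with one tab.
SAMPLE = "if ok:\n        grant = check()\n\taudit(grant)\n"
# Constructed sample: the same code indented consistently with 4 spaces.
CLEAN = "if ok:\n    grant = check()\n    audit(grant)\n"


def indent_width(line, tab_width):
    """Apparent indentation column of line when tabs are tab_width wide."""
    whitespace = line[: len(line) - len(line.lstrip(" \t"))]
    return len(whitespace.expandtabs(tab_width))


def ambiguous_lines(source, tab_widths=(1, 2, 4, 8)):
    """Line numbers whose nesting relative to the previous code line
    (deeper, same, shallower) changes with the tab width."""
    flagged, prev = [], None
    for lineno, line in enumerate(source.splitlines(), 1):
        if not line.strip():
            continue  # blank lines carry no indentation meaning
        if prev is not None:
            relations = set()
            for width in tab_widths:
                a, b = indent_width(prev, width), indent_width(line, width)
                relations.add((a > b) - (a < b))
            if len(relations) > 1:
                flagged.append(lineno)
        prev = line
    return flagged


def python_accepts(source):
    """True if Python 3 compiles source, False if it raises TabError."""
    try:
        compile(source, "<sample>", "exec")
        return True
    except TabError:
        return False


if __name__ == "__main__":
    for name, src in (("SAMPLE", SAMPLE), ("CLEAN", CLEAN)):
        print(name, "ambiguous lines:", ambiguous_lines(src),
              "accepted:", python_accepts(src))
```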


----------

