So I wanted to install Python, download the Selenium library for it, and combine it with WebDriver to access web-driven accounting software to automate some stuff; mainly downloading reports from the accounting software, since there are tons of reports to download every month and the software does not have an automation function for that. I don't want to deal with any data.
Senior director and I went to IT for the request to download Python and they declined; they said there is a security risk.
Does anyone know what potential security risks they are referring to? I don't have cs background so I'm not very sure. And is there a way to mitigate those risks?
I recently sent a request to my employer's IT department asking for access to Python 3.6.3. The request was denied with the justification "Python is dangerous to have on a pc. It is a useful attack vector."
Can anyone provide insight on what this might mean? Does simply having Python installed on your computer make you more susceptible to attacks? I can't tell if my employer has a valid concern here or if they are just taking the easy route.
EDIT: Spelling
No, there is nothing inherently insecure about Python.
However, Python can be used to make a vulnerability. For instance it would be easy to make a web portal that executes anything that is typed in. This is true for any programming language, but Python makes it extra easy.
And I know, you would know better, but IT departments see all their users as idiots (often with good reason).
Every Macintosh and a lot of Linux distributions for desktop have Python installed by default. I don't think they are unsafe.
Python's great, everyone cheers on Python, every weird essential desktop application at the office relies on a Python install, every analyst who has hit the limits of Excel wants to use Python. I don't see anyone really talking about the security implications of having a modular scripting stack with a history of add-on compromise installed on every production workstation.
How do you secure a Python install, what do you allow in it, and how do you cope with the eleventy hundred Python modules users claim they need?
Hi,
I've been learning Python pretty well over the past few months, and I feel like I know enough now to know that I know nothing :D I've been looking around Github and PyPI for some cool packages, and it makes me raise the question:
How do we know if a given package is secure and doesn't contain any sort of malware? I mean, besides going through and inspecting every line of code by hand.
Thanks in advance.
Also, this is my first question on Reddit, so forgive me if it's a stupid question :D
Is Python a secure platform for performing data analysis on a company-wide ethernet dataserver? The words "free and open source" scare some people into thinking anybody at all will access our data if we use Python to analyze it. I'm fairly certain the answer is "yes."
Since a Python library is essentially a chunk of code written by someone else, how do we know it's "safe"/"legit"?
Are there laws concerning this? Or do we have to test this on our own as a developer? Is it even "testable"?
Don't get fooled. They're looking very similar.
PyPI doesn't do any vetting of packages published. Is there a list of packages that are known to be safe and verified by some org dedicated to checking?
To keep it short, I monitor the performance of the tech products that are deployed around the country for my company. I got tired of using sheets and thought about creating a custom dashboard through Python (local app first, then add it to our main Backoffice for everyone to see). Midway through, I read a comment under a similar project saying that Python has security risks but didn't specify how or why. This has me concerned and makes me want to throw away the project since this will deal with very sensitive data. Is this true? If so, how can I work around this security risk?
Other option is my company is debating on getting Looker premium which would be easier and less of a headache but I’m an intern and I feel like this would not be effective experience to put on my resume. Thoughts?
New to Python and really enjoying learning the language, probably the most enjoyable human readable language.
Are the packages in the PyPi packages always safe?
For example when installing packages from Debian they are signed etc. they might not work but are what they say they are. On a scale of ‘always check the code’ to ‘yolo it’ll be fine’ would you rate PyPi?
I am considering installing a project that I found on Github:
https://github.com/stevedsun/notion-graph-view
(it is a really small project for the number of lines of code that it has)
The project has 133 stars
It's about creating a graph view from the content of the app Notion using its API to pass the information that the "graph app" needs.
But how safe is that? Does the information that the "graph app" takes stay on my PC?
Hey everyone, so I bought a book teaching to programme in Python for absolute beginners and it says you have to download Python 3 but also warns that Windows OS systems can get glitchy and confused by it. I have Windows 11 and just got the computer a few months ago so was wondering if it was safe to download without messing my computer up? I'm totally new to programming so sorry if this is a stupid question.
A big issue I've heard of about pip is that it's insecure. Packages have been found to be malware, often using spelling errors as an avenue of attack.
If a company is concerned about security, then what is to be done? Are there more secure python installations available?
Python is often used by engineers & scientists to "Automate the Boring Stuff". Fine and dandy, but we won't be able to use Python if it's a security risk.
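Added example, not part of the post above: one way an IT team could screen package requests for the misspelled-name problem the post describes, by comparing each requested name against an internal allowlist and flagging near-misses. The allowlist, the sample request list and the distance threshold are constructed assumptions; only the name normalisation follows PEP 503.

```python
import re

# Constructed allowlist of packages an organisation has approved (assumption).
APPROVED = {"requests", "selenium", "numpy", "pandas", "python-dateutil"}

def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of -, _ and . are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (insert, delete, substitute, swap)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent-letter swap, the most common typosquat pattern.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(requested: str, approved=APPROVED, max_distance: int = 2):
    """Return ('approved', name), ('lookalike', nearest approved) or ('unknown', None)."""
    name = normalize(requested)
    canon = {normalize(p) for p in approved}
    if name in canon:
        return ("approved", name)
    nearest = min(canon, key=lambda p: (edit_distance(name, p), p))
    if edit_distance(name, nearest) <= max_distance:
        return ("lookalike", nearest)  # block and ask the requester to confirm
    return ("unknown", None)           # not a near-miss: route to manual review

def review(requirements: str):
    """Classify each line of a requirements-style list, ignoring comments and pins."""
    results = {}
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pkg = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
            results[pkg] = classify(pkg)
    return results

# Constructed sample request list.
SAMPLE = "Requests==2.31.0\nselenuim\nreqeusts>=2\npython_dateutil\nleftpad\n"
if __name__ == "__main__":
    for pkg, verdict in review(SAMPLE).items():
        print(f"{pkg:18} {verdict}")
```

A "lookalike" verdict only says the name is suspiciously close to an approved one; it does not inspect the package contents.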
Just came across a clone of the Python website. Flagging so y'all keep your eyes peeled for them camouflaged rattlesnakes.
I am just wondering what are some general tips for staying secure when installing packages via pip. I am concerned there could be malware given all package managers like npm, composer and pip have that issue from time to time.
I would usually gauge a package's trust level via its downloads, which I cannot view on PyPI.
Thanks
Are all PyPi packages safe to use? Like do they contain any malware or anything like that?
I downloaded Python from Python.org and I open the file and it says it's a virus.
Can someone tell me what is going on?