SQLObject uses some assert statements to make sure the
classes were given correct parameters or called correctly.
For example, in dbconnection.py
auth = getattr(self, 'user', None) or ''
auth = auth + '@' + self.password
auth = auth + ':'
>>> assert not getattr(self, 'password',
>>> 'URIs cannot express passwords
assert not self._obsolete, "This transaction has
already gone through ROLLBACK; begin another transaction"
The problem with these constructs is that if SQLObject
is compiled with -O (which, for example Debian does),
asserts are removed!
So I can import sqlobject and happily pass incorrect
values, it will not be noticed.
Log in to post a comment.