foundertherapy/django-cryptographic-fields

Python Zen (and security) violation


The Python Zen states:

Errors should never pass silently.
Unless explicitly silenced.

The following code

        if isinstance(value, basestring):
            try:
                value = decrypt_str(value)
            except cryptography.fernet.InvalidToken:
                pass

is silent if the decryption process fails. It should not be, as there is no good reason for the encryption process to fail (and if it does, it is important to let the user know).

I would change this code to raise a SuspiciousOperation exception.

https://docs.djangoproject.com/en/1.8/ref/exceptions/#suspiciousoperation

The one nice thing about it failing silently is that it allows you to change the field type to the encrypted field while still reading older unencrypted values. Raising an error might make it a little bit more difficult to migrate old columns.

But it is the right thing to do. The Pythonic way...
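
One way to get both behaviours discussed in this thread, shown as an added example that is not the project's code and not part of any comment above: decryption raises `SuspiciousOperation` by default, and reading old unencrypted values is an explicit, logged opt-in for a migration window. The helper names `decrypt_value` and `reencrypt_legacy`, the `allow_plaintext` parameter and the logger name are assumptions, and the code uses Python 3 `str` where the quoted snippet uses `basestring`.

```python
import logging
from cryptography.fernet import Fernet, InvalidToken

try:
    from django.core.exceptions import SuspiciousOperation
except ImportError:  # stand-in so the example also runs without Django
    class SuspiciousOperation(Exception):
        pass

log = logging.getLogger("encrypted_fields")  # hypothetical logger name


def decrypt_value(fernet, value, allow_plaintext=False):
    """Hypothetical helper: strict by default, plaintext fallback only on opt-in."""
    if not isinstance(value, str):
        return value
    try:
        return fernet.decrypt(value.encode("utf-8")).decode("utf-8")
    except InvalidToken:
        if allow_plaintext:
            # Migration window only: the fallback is explicit and logged.
            log.warning("value failed decryption; returned as legacy plaintext")
            return value
        raise SuspiciousOperation("stored value failed decryption") from None


def reencrypt_legacy(fernet, rows):
    """One-off migration: encrypt values that are not valid tokens yet.

    A corrupted token is indistinguishable from plaintext here, so run this
    only over data known to predate the encrypted field.
    """
    migrated = []
    for value in rows:
        try:
            fernet.decrypt(value.encode("utf-8"))
            migrated.append(value)  # already encrypted under this key
        except InvalidToken:
            migrated.append(fernet.encrypt(value.encode("utf-8")).decode("ascii"))
    return migrated


if __name__ == "__main__":
    f = Fernet(Fernet.generate_key())  # constructed key and rows
    rows = ["legacy plaintext", f.encrypt(b"secret").decode("ascii")]
    print([decrypt_value(f, r, allow_plaintext=True) for r in rows])
    print([decrypt_value(f, r) for r in reencrypt_legacy(f, rows)])
```

Once every row has passed through the migration, the opt-in can be dropped and any remaining `InvalidToken` surfaces as an error rather than as data.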