[Python-Dev] Pickle security and remote logging

anatoly techtonik techtonik at gmail.com
Mon Jun 28 20:09:56 CEST 2010


Hello,

I need to send logging module output over the network. The module has
everything to make this happen, except security. The SocketHandler and
DatagramHandler examples use the pickle module, which is said to be
insecure. The SocketHandler and DatagramHandler docs should at least
contain a warning about the danger of exposing unpickling interfaces to
insecure networks.

The pickle documentation mentions that it is possible to control what gets
unpickled, but there is no example or security analysis of whether the
proposed solution will be secure. Is there any way to implement secure
network logging? I do not care about data encryption - I just do not
want my server exploited by malformed data.

-- 
anatoly t.
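
The "control what gets unpickled" hook the post refers to is `Unpickler.find_class`. The following is an added example, not part of the original message or of the logging module: a receiver-side decoder for the frames `SocketHandler` sends, which refuses every global lookup. It assumes records carry only built-in value types (no custom objects passed via `extra`); `MAX_FRAME` and the helper names are choices made for this example.

```python
import io
import logging
import logging.handlers
import pickle
import struct

MAX_FRAME = 64 * 1024  # assumed upper bound for one pickled record


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class/function lookup."""

    def find_class(self, module, name):
        # A SocketHandler payload is a dict of str/int/float/None values,
        # so a legitimate frame never needs to resolve a global.
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def decode_record(frame):
    """Turn one SocketHandler frame (4-byte length + pickle) into a LogRecord."""
    if len(frame) < 4:
        raise ValueError("short frame")
    (size,) = struct.unpack(">L", frame[:4])
    if size > MAX_FRAME or size != len(frame) - 4:
        raise ValueError("bad frame length")
    attrs = NoGlobalsUnpickler(io.BytesIO(frame[4:])).load()
    if not isinstance(attrs, dict) or not all(isinstance(k, str) for k in attrs):
        raise ValueError("payload is not a record dict")
    return logging.makeLogRecord(attrs)


def encode_record(record):
    """Build the frame a SocketHandler would send (used here for a self-test)."""
    handler = logging.handlers.SocketHandler("localhost", 0)  # never connects
    try:
        return handler.makePickle(record)
    finally:
        handler.close()
```

Blocking globals addresses object construction during unpickling; it does not authenticate the sender, and truncated or corrupt pickles can still raise other exceptions (for example `EOFError`) that the receiver should catch per frame.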