<div dir="ltr">That's amazing.  I did not know about that.</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <span dir="ltr"><<a href="mailto:eric@trueblade.com" target="_blank">eric@trueblade.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Have you looked at<br>
<a href="https://docs.python.org/3/library/pickle.html#pickle-restrict" rel="noreferrer" target="_blank">https://docs.python.org/3/library/pickle.html#pickle-restrict</a><br>
?<br>
<br>
--<br>
Eric.<br>
<span class=""><br>
> On Jul 22, 2015, at 4:03 AM, Neil Girdhar <<a href="mailto:mistersheik@gmail.com">mistersheik@gmail.com</a>> wrote:<br>
><br>
> I've heard it said that pickle is a security hole, and so it's better to write your own serialization routine.  That's unfortunate because pickle has so many advantages such as automatically tying into copy/deepcopy.  Would it be possible to make unpickle secure, e.g., by having the caller create a context in which all calls to unpickle are limited to unpickling a specific set of types?  (When these types unpickle their sub-objects, they could potentially limit the set of types further.)<br>
</span><span class="">> _______________________________________________<br>
> Python-ideas mailing list<br>
> <a href="mailto:Python-ideas@python.org">Python-ideas@python.org</a><br>
> <a href="https://mail.python.org/mailman/listinfo/python-ideas" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/python-ideas</a><br>
> Code of Conduct: <a href="http://python.org/psf/codeofconduct/" rel="noreferrer" target="_blank">http://python.org/psf/codeofconduct/</a><br>
_______________________________________________<br>
Python-ideas mailing list<br>
<a href="mailto:Python-ideas@python.org">Python-ideas@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/python-ideas" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/python-ideas</a><br>
Code of Conduct: <a href="http://python.org/psf/codeofconduct/" rel="noreferrer" target="_blank">http://python.org/psf/codeofconduct/</a><br>
<br>
</span><span class="">--<br>
<br>
---<br>
You received this message because you are subscribed to a topic in the Google Groups "python-ideas" group.<br>
</span>To unsubscribe from this topic, visit <a href="https://groups.google.com/d/topic/python-ideas/OhYb7RHNHyA/unsubscribe" rel="noreferrer" target="_blank">https://groups.google.com/d/topic/python-ideas/OhYb7RHNHyA/unsubscribe</a>.<br>
To unsubscribe from this group and all its topics, send an email to <a href="mailto:python-ideas%2Bunsubscribe@googlegroups.com">python-ideas+unsubscribe@googlegroups.com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" rel="noreferrer" target="_blank">https://groups.google.com/d/optout</a>.<br>
</blockquote></div><br></div>