March 5, 2008
11:29 p.m.
Aaron Watters wrote:
In summary: I think marshal.loads(s) is just as safe as unicode(s) or file.read(). pickle.loads(s) is morally equivalent to __import__(s) or eval(s).
According to the docs, you can use a customised unpickler to restrict the set of things it can use as constructors. It might be worth mentioning that in a prominent place near the security warning as well. -- Greg
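What the customised unpickler Greg refers to looks like in present-day Python 3, as an added example that is not part of the original thread (the names SAFE_BUILTINS, RestrictedUnpickler, restricted_loads, rejects and demo are chosen here, and the allow-list of builtin types is an assumption about what the application's data contains):

```python
import builtins
import io
import os
import pickle

# Assumption: the application's pickled data only ever needs these builtin
# types resolved by name. Everything else is refused.
SAFE_BUILTINS = frozenset({"set", "frozenset", "range", "slice", "complex", "bytearray"})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() only resolves allow-listed globals.

    find_class() is the hook the GLOBAL/STACK_GLOBAL opcodes go through to
    turn a (module, name) pair into a callable that REDUCE then invokes, so
    refusing unknown names here is what stops arbitrary code from running.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"global '{module}.{name}' is not on the unpickler allow-list"
        )


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that uses RestrictedUnpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if the restricted loader refuses the pickle, False if it loads it."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def demo() -> dict:
    """Exercise the loader on constructed benign data and on function references."""
    benign = {"ids": [1, 2, 3], "tags": {"a", "b"}, "ratio": 2.5}  # constructed sample
    return {
        # Plain containers and scalars round-trip without touching find_class.
        "benign_roundtrip": restricted_loads(pickle.dumps(benign)) == benign,
        # A pickle naming a harmless function still carries a GLOBAL reference;
        # the allow-list refuses it regardless of what the function would do.
        "function_ref_rejected": rejects(pickle.dumps(os.getcwd)),
        "builtin_eval_rejected": rejects(pickle.dumps(builtins.eval)),
        # For contrast: the stock loader happily resolves the same reference.
        "stdlib_loads_is_permissive": callable(pickle.loads(pickle.dumps(os.getcwd))),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Restricting find_class() closes the constructor route that makes pickle.loads behave like eval(), but the Python documentation still advises against unpickling untrusted input at all; treat this as defence in depth behind authentication or a signature over the data, not as a substitute for it.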