
On Feb 22, 2013, at 5:26, Devin Jeanpierre <jeanpierreda@gmail.com> wrote:
Well, we've already gone as far as json, which is pretty powerful (but still subject to attacks using "relatively secure" json to transport "insecure" data!)
Of course a serialization library can't protect against eval(deserialize(foo)) running arbitrary code. That doesn't mean we shouldn't bother with security.
The difference is that json.loads is just deserialize(foo), while pickle.loads inherently has some eval mixed in. That's why I think for most use cases, the answer is making json easier to extend, not making pickle easier to secure. The biggest problem people have with the json library isn't that you have to do the extending explicitly and externally, but that it's a huge pain to do so. There was a suggestion earlier in this thread (I forget the author) that would go a long way toward relieving that pain. Some people also want it to be implicitly extensible, to have some way to create an instance of a new empty class named Foo with given attributes (but not an existing builtin or user-defined class named Foo). I'm not sure what their use case is, and I'm not sure it's a good idea--but if it is, there was also a suggestion for that.
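
An added example, not part of the original message or of the json module: explicit, external extension of json through a type registry, beside a pickle stream whose load calls a callable named in the data. The `__type__` tag key, the `REGISTRY` table, the `Marker` class and the sample data are assumptions made for illustration.

```python
import json
import pickle
from datetime import date

TAG = "__type__"  # assumed tag key for this example, not a json convention

# Explicit, external registry: tag -> (class, encoder, decoder). The data can
# select one of these decoders by name but can never name anything else.
REGISTRY = {
    "date": (date, date.isoformat, date.fromisoformat),
    "complex": (complex, lambda c: [c.real, c.imag], lambda v: complex(*v)),
    "set": (set, sorted, set),
}

def _default(obj):
    # Called by json only for objects it cannot serialize natively.
    for tag, (cls, encode, _decode) in REGISTRY.items():
        if type(obj) is cls:
            return {TAG: tag, "value": encode(obj)}
    raise TypeError(f"not serializable: {type(obj).__name__}")

def _object_hook(d):
    # Called for every decoded JSON object; untagged dicts pass through.
    if TAG not in d:
        return d
    tag = d[TAG]
    if not isinstance(tag, str) or tag not in REGISTRY:
        raise ValueError(f"unknown type tag: {tag!r}")
    return REGISTRY[tag][2](d["value"])

def dumps(obj):
    return json.dumps(obj, default=_default)

def loads(text):
    return json.loads(text, object_hook=_object_hook)

class Marker:
    # pickle writes "call sorted([3, 1, 2])" into the stream for this object.
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))

def pickle_result():
    # loads() runs the callable named in the data; no Marker comes back.
    return pickle.loads(pickle.dumps(Marker()))

# Constructed sample data.
SAMPLE = {"when": date(2013, 2, 22), "z": complex(1, 2), "tags": {"a", "b"}}
```

With json the receiving code decides which constructors exist; with pickle the byte stream decides which callable runs.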