That's amazing. I did not know about that. On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <eric@trueblade.com> wrote:

Have you looked at https://docs.python.org/3/library/pickle.html#pickle-restrict ?

-- Eric.

...

On Jul 22, 2015, at 4:03 AM, Neil Girdhar <mistersheik@gmail.com> wrote:

I've heard it said that pickle is a security hole, and so it's better to write your own serialization routine. That's unfortunate because pickle has so many advantages such as automatically tying into copy/deepcopy. Would it be possible to make unpickle secure, e.g., by having the caller create a context in which all calls to unpickle are limited to unpickling a specific set of types? (When these types unpickle their sub-objects, they could potentially limit the set of types further.) _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/

---

Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/

--

--- You received this message because you are subscribed to a topic in the Google Groups "python-ideas" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/python-ideas/OhYb7RHNHyA/unsubscribe. To unsubscribe from this group and all its topics, send an email to python-ideas+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout.

That's amazing. I did not know about that. On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <eric@trueblade.com> wrote:

Have you looked at https://docs.python.org/3/library/pickle.html#pickle-restrict ?

-- Eric.

...

On Jul 22, 2015, at 4:03 AM, Neil Girdhar <mistersheik@gmail.com> wrote:

I've heard it said that pickle is a security hole, and so it's better to write your own serialization routine. That's unfortunate because pickle has so many advantages such as automatically tying into copy/deepcopy. Would it be possible to make unpickle secure, e.g., by having the caller create a context in which all calls to unpickle are limited to unpickling a specific set of types? (When these types unpickle their sub-objects, they could potentially limit the set of types further.) _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/

---

Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/

--

--- You received this message because you are subscribed to a topic in the Google Groups "python-ideas" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/python-ideas/OhYb7RHNHyA/unsubscribe. To unsubscribe from this group and all its topics, send an email to python-ideas+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout.