[Python-checkins] cpython (2.7): Closes #19061: make shelve security warning consistent between 2.x and 3.x.
georg.brandl
python-checkins at python.org
Sun Sep 22 11:42:43 CEST 2013
http://hg.python.org/cpython/rev/1d850260a356
changeset: 85774:1d850260a356
branch: 2.7
parent: 85771:565ced5bd487
user: Georg Brandl <georg at python.org>
date: Sun Sep 22 11:43:10 2013 +0200
summary:
Closes #19061: make shelve security warning consistent between 2.x and 3.x.
files:
Doc/library/shelve.rst | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst
--- a/Doc/library/shelve.rst
+++ b/Doc/library/shelve.rst
@@ -47,9 +47,11 @@
Like file objects, shelve objects should be closed explicitly to ensure
that the persistent data is flushed to disk.
- Since the :mod:`shelve` module stores objects using :mod:`pickle`, the same
- security precautions apply. Accordingly, you should avoid loading a shelf
- from an untrusted source.
+.. warning::
+
+ Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure
+ to load a shelf from an untrusted source. Like with pickle, loading a shelf
+ can execute arbitrary code.
Shelf objects support all methods supported by dictionaries. This eases the
transition from dictionary based scripts to those requiring persistent storage.
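Review bot: The new warning body ("it is insecure to load a shelf from an untrusted source ... can execute arbitrary code") drops the removed sentence's statement that the same security precautions as for :mod:`pickle` apply, so the reader is told the risk but no longer pointed to where the precautions are described. Consider keeping a cross-reference to the pickle documentation's own warning inside the directive. Two style points on the last sentence: "Like with pickle" reads better as "As with pickle", and the second mention of pickle could use the :mod:`pickle` role for consistency with the line above it.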
--
Repository URL: http://hg.python.org/cpython