[Python-Dev] Pickle security and remote logging
Guido van Rossum
guido at python.org
Wed Jun 30 01:41:52 CEST 2010
On Tue, Jun 29, 2010 at 4:22 PM, anatoly techtonik <techtonik at gmail.com> wrote:
> On Tue, Jun 29, 2010 at 6:15 PM, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:
>>
>> I've updated the documentation of SocketHandler.makePickle to mention security
>> concerns, and that the method can be overridden to use a more secure
>> implementation (e.g. HMAC-signed pickles).
>
> Thanks. But I doubt HMAC complication helps to protect logging server.
> If shared key is compromised -server becomes vulnerable. I would
> prefer approach when no code execution is possible. Some alternative
> serialization way for transmitting log data structures over network.
> Protocol buffers first come in mind, but they seem to be an overkill,
> and stdlib doesn't include any implementation.
You could use marshal by default. It does not execute code when
unmarshalling. A limitation is that it only supports built-in types
like list, dict, string etc. but that might be just fine for logging
data. Another option would be JSON. (Or XML, if you want bulky. :-)
As for protocol buffers, assuming its absence (so far :-) from the
stdlib is the only objection, how hard would it be to make the logging
package "prepared" so that if one *did* have protocol buffers
installed, it would be a one-line config setting to use them?
--
--Guido van Rossum (python.org/~guido)
More information about the Python-Dev
mailing list