[Python-ideas] An official complaint regarding the marshal and pickle documentation
George Sakkis
george.sakkis at gmail.com
Wed Mar 5 16:25:57 CET 2008
On Wed, Mar 5, 2008 at 10:11 AM, Aaron Watters <aaron.watters at gmail.com> wrote:
> I just checked the python site documentation on marshal and pickle and I
> consider them to be irresponsibly and dangerously misleading.
> RESOLVED: pickle should come with a large red label:
>
> WARNING: LARK'S VOMIT --
> NEVER USE PICKLE TO IMPLEMENT UNTRUSTED ARCHIVING OF ANY KIND.
>
> It doesn't have one.
So what is this [1] ?
'''
Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source.
'''
You may want to check your facts better next time you go on a rampage.
George
[1] http://docs.python.org/lib/node314.html