[Python-ideas] An official complaint regarding the marshal and pickle documentation
phd at phd.pp.ru
Wed Mar 5 16:27:59 CET 2008
On Wed, Mar 05, 2008 at 10:11:48AM -0500, Aaron Watters wrote:
> RESOLVED: pickle should come with a large red label:
> WARNING: LARK'S VOMIT --
> NEVER USE PICKLE TO IMPLEMENT UNTRUSTED ARCHIVING OF ANY KIND.
"Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data received
from an untrusted or unauthenticated source."
Enough for me, though it is not as big or as red...
Oleg Broytmann http://phd.pp.ru/ phd at phd.pp.ru
Programmers don't die, they just GOSUB without RETURN.
More information about the Python-ideas