[Python-ideas] An official complaint regarding the marshal and pickle documentation
greg.ewing at canterbury.ac.nz
Wed Mar 5 23:29:49 CET 2008
Aaron Watters wrote:
> In summary: I think marshal.loads(s) is just as safe as unicode(s) or
> file.read(). pickle.loads(s) is morally equivalant to __import__(s) or
According to the docs, you can use a customised unpickler
to restrict the set of things it can use as constructors.
It might be worth mentioning that in a prominent place near
the security warning as well.
More information about the Python-ideas