[Python-ideas] An idea for a new pickling tool

Terry Reedy tjreedy at udel.edu
Thu Apr 23 05:14:33 CEST 2009

Alexandre Vassalotti wrote:

>>   * it is a major security risk for untrusted inputs
> There are way to fix this without replacing pickle. See the recipe in
> pickle documentation:
> http://docs.python.org/3.0/library/pickle.html#restricting-globals

On reading that, I notice that it ends with "As our examples shows, you 
have to be careful with what you allow to be unpickled. Therefore if 
security is a concern, you may want to consider alternatives such as the 
marshalling API in xmlrpc.client or third-party solutions."  Raymond's 
proposal is to integrate some third-parth solutions with an eye to the 
product becoming a first-party solution.

More information about the Python-ideas mailing list