[Python-ideas] Secure unpickle

Neil Girdhar mistersheik at gmail.com
Thu Jul 23 02:29:20 CEST 2015


That's amazing.  I did not know about that.

On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <eric at trueblade.com> wrote:

> Have you looked at
> https://docs.python.org/3/library/pickle.html#pickle-restrict
> ?
>
> --
> Eric.
>
> > On Jul 22, 2015, at 4:03 AM, Neil Girdhar <mistersheik at gmail.com> wrote:
> >
> > I've heard it said that pickle is a security hole, and so it's better to
> > write your own serialization routine.  That's unfortunate because pickle
> > has so many advantages such as automatically tying into copy/deepcopy.
> > Would it be possible to make unpickle secure, e.g., by having the caller
> > create a context in which all calls to unpickle are limited to unpickling a
> > specific set of types?  (When these types unpickle their sub-objects, they
> > could potentially limit the set of types further.)
> > _______________________________________________
> > Python-ideas mailing list
> > Python-ideas at python.org
> > https://mail.python.org/mailman/listinfo/python-ideas
> > Code of Conduct: http://python.org/psf/codeofconduct/
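The restriction discussed in this thread (unpickling limited to a caller-supplied set of types, via the `find_class` hook described in the linked documentation section), as an added example that is not code from the thread or from the Python documentation. The names `AllowlistUnpickler`, `loads_allowlisted`, `is_rejected` and `FRACTION_ONLY` are chosen here for illustration.

```python
import io
import pickle
from collections import OrderedDict
from fractions import Fraction


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals named in an explicit allowlist."""

    def __init__(self, file, allowed):
        super().__init__(file)
        self._allowed = frozenset(allowed)  # {(module, qualified_name), ...}

    def find_class(self, module, name):
        # Called for every global the stream references, at any nesting depth.
        # Built-in containers and scalars (dict, list, str, int, ...) have their
        # own opcodes and never reach this method.
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def loads_allowlisted(data, allowed=()):
    """Like pickle.loads(), but fails on any global outside `allowed`."""
    return AllowlistUnpickler(io.BytesIO(data), allowed).load()


def is_rejected(data, allowed=()):
    """Return True if loading `data` under `allowed` is refused."""
    try:
        loads_allowlisted(data, allowed)
    except pickle.UnpicklingError:
        return True
    return False


FRACTION_ONLY = {("fractions", "Fraction")}  # hypothetical caller allowlist

if __name__ == "__main__":
    # Constructed sample inputs, pickled locally for the demonstration.
    plain = pickle.dumps({"a": [1, 2, 3]})
    frac = pickle.dumps(Fraction(1, 3))
    nested = pickle.dumps({"x": OrderedDict(a=1)})
    print(loads_allowlisted(plain))                # built-ins need no entry
    print(loads_allowlisted(frac, FRACTION_ONLY))  # allowed type loads
    print(is_rejected(frac))                       # empty allowlist refuses it
    print(is_rejected(nested, FRACTION_ONLY))      # nested global is checked too
```

An allowed callable is still invoked with arguments taken from the stream, so the allowlist should contain only types whose constructors are harmless on arbitrary input.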

