[Python-ideas] Secure unpickle
mistersheik at gmail.com
Thu Jul 23 02:29:20 CEST 2015
That's amazing. I did not know about that.
On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <eric at trueblade.com> wrote:
> Have you looked at
> > On Jul 22, 2015, at 4:03 AM, Neil Girdhar <mistersheik at gmail.com> wrote:
> > I've heard it said that pickle is a security hole, and so it's better to
> write your own serialization routine. That's unfortunate because pickle
> has so many advantages such as automatically tying into copy/deepcopy.
> Would it be possible to make unpickle secure, e.g., by having the caller
> create a context in which all calls to unpickle are limited to unpickling a
> specific set of types? (When these types unpickle their sub-objects, they
> could potentially limit the set of types further.)
> > _______________________________________________
> > Python-ideas mailing list
> > Python-ideas at python.org
> > https://mail.python.org/mailman/listinfo/python-ideas
> > Code of Conduct: http://python.org/psf/codeofconduct/
> Python-ideas mailing list
> Python-ideas at python.org
> Code of Conduct: http://python.org/psf/codeofconduct/
> You received this message because you are subscribed to a topic in the
> Google Groups "python-ideas" group.
> To unsubscribe from this topic, visit
> To unsubscribe from this group and all its topics, send an email to
> python-ideas+unsubscribe at googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-ideas