[Python-ideas] Fwd: Re: Secure unpickle

Nathaniel Smith njs at pobox.com
Thu Jul 23 03:46:09 CEST 2015

On Wed, Jul 22, 2015 at 5:27 PM, Neil Girdhar <mistersheik at gmail.com> wrote:
> That is so unfortunate.  Pickle is such a good solution except for the
> security.  Why can't we have security too?  It doesn't seem to me to be
> right for a project like matplotlib to be writing their own serialization
> library.  It would be awesome if Python had secure serialization built-in.

The reason you can pickle/unpickle arbitrary Python objects is that
the pickle format is basically a structured, optimized way of
generating and then evaluating arbitrary Python code. Which is great
because it's totally general -- that's why we love pickle, you can
pickle anything -- but that exact feature is what makes it insecure.
If you want to make something secure, that means making some explicit
decisions about what kinds of things can be put into your data format
and which cannot, and write some explicit code to handle each of these
things instead of just handing the file format direct access to your
interpreter. But by the time you've done that you've done the hard
part of implementing a new format anyway...


Nathaniel J. Smith -- http://vorpus.org

More information about the Python-ideas mailing list