Is unpickling data a security risk?

Itamar Shtull-Trauring itamar at maxnm.com
Sun May 21 07:06:05 EDT 2000


I'd like to store a pickle somewhere on the Internet (specifically, on
Freenet - http://freenet.sourceforge.net). Other people may be able to
change this pickle to whatever they want to.  At some point I'm going to
load this data (or what it was changed to) and unpickle.  Is this a security
risk?  

That is, does the act of unpickling cause any code in the pickled object to
be executed?  If the data is not what I want I don't mind, my application
will check that.

-- 
Itamar S.T.  itamar at maxnm.com
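
An added example, not part of the original post: Python's pickle documentation warns that loading a pickle can import and call callables named in the stream, so validating the result after loading is too late. The sketch below uses hypothetical helper names (`risky_opcodes`, `load_plain`) and constructed sample data; it scans a stream's opcodes without loading it and loads only pickles that reference no globals.

```python
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call/construct an object.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST"}
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def risky_opcodes(data: bytes) -> list:
    """List import/call opcodes in a pickle stream without loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in IMPORT_OPS | CALL_OPS]


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module/class/function lookup."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_plain(data: bytes):
    """Load a pickle made only of built-in containers, strings and numbers."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


# Constructed samples: plain data, and a harmless object whose pickle
# names a callable (builtins.complex) for the unpickler to import and call.
PLAIN = pickle.dumps({"key": "freenet", "values": [1, 2, 3]})
WITH_GLOBAL = pickle.dumps(complex(1, 2))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with global", WITH_GLOBAL)):
        print(label, risky_opcodes(blob))
        try:
            print("  loaded:", load_plain(blob))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```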



