Is unpickling data a security risk?

Greg Ewing greg at cosc.canterbury.ac.nz
Tue May 23 04:25:50 CEST 2000


Itamar Shtull-Trauring wrote:
> 
> does the act of unpickling cause any code in the pickled object to
> be executed?

No. As far as I'm aware, the standard pickle module
doesn't pickle or unpickle code objects, for precisely
this reason. So you should be safe.

-- 
Greg Ewing, Computer Science Dept,
+--------------------------------------+
University of Canterbury,	   | A citizen of NewZealandCorp, a	  |
Christchurch, New Zealand	   | wholly-owned subsidiary of USA Inc.  |
greg at cosc.canterbury.ac.nz	   +--------------------------------------+



More information about the Python-list mailing list