Is unpickling data a security risk?

Greg Ewing greg at
Tue May 23 04:25:50 CEST 2000

Itamar Shtull-Trauring wrote:
> does the act of unpickling cause any code in the pickled object to
> be executed?

No. As far as I'm aware, the standard pickle module
doesn't pickle or unpickle code objects, for precisely
this reason. So you should be safe.

Greg Ewing, Computer Science Dept,
University of Canterbury,	   | A citizen of NewZealandCorp, a	  |
Christchurch, New Zealand	   | wholly-owned subsidiary of USA Inc.  |
greg at	   +--------------------------------------+

More information about the Python-list mailing list