Convert String to Dictionary question

Fredrik Lundh fredrik at pythonware.com
Sat Feb 16 17:49:05 CET 2002


Jason Orendorff wrote:
> Whereas there are no known security holes in pickle.

careful.

it's fairly trivial to construct a pickle string that calls eval
or os.system with arbitrary arguments.

</F>





More information about the Python-list mailing list