Convert String to Dictionary question

Jason Orendorff jason at jorendorff.com
Sun Feb 17 19:11:00 CET 2002


Christian Tanzer wrote:
> Jason Orendorff wrote:
> > Whereas there are no known security holes in pickle.
> 
> Not true.

I stand corrected.  Yow.  My statement above is not just wrong
but excessively wrong.

> To wrap this up, writing secure applications is hard -- and rules of
> thumb like `eval is bad, pickle is good` aren't going to make it any
> easier.

Good call.

## Jason Orendorff    http://www.jorendorff.com/




More information about the Python-list mailing list