Convert String to Dictionary question

Jason Orendorff jason at
Sun Feb 17 13:11:00 EST 2002

Christian Tanzer wrote:
> Jason Orendorff wrote:
> > Whereas there are no known security holes in pickle.
> Not true.

I stand corrected.  Yow.  My statement above is not just wrong
but excessively wrong.

> To wrap this up, writing secure applications is hard -- and rules of
> thumb like `eval is bad, pickle is good` aren't going to make it any
> easier.

Good call.

## Jason Orendorff

More information about the Python-list mailing list