examples of a safe Unpickler?
Terry Hancock
hancock at anansispaceworks.com
Thu Jul 18 12:01:07 EDT 2002
Kevin Altis said:
> The Security section of the pickle module documentation:
>
> http://www.python.org/doc/current/lib/pickle-sec.html
>
> talks about creating a safe unpickler.
> [...]
>
> So, are there examples of an unpickler (preferably based on cPickle for
> speed)? It is not clear to me from the documentation what I actually need to
> do. The docs seem to imply that if an object is not marked as
> __safe_for_unpickling__ then an UnpicklingError exception might be thrown
> just using the default Unpickler, but if so, I would need an example or two
> of a pickle with a security problem to test this. Throwing an exception
> would be fine. It would be nice if there was a separate
> UnpicklingSecurityError exception.
See:
http://www.zope.org/Members/htrd/howto/MiniPickle
I used a variation of this myself to pack a nested
dictionary (representing state information for a tree)
into a browser cookie.
I believe it simply raises an "UnpicklingError" if
illegal data is found, but if you want something special,
just define a new exception and call that instead.
Cheers,
Terry
--
------------------------------------------------------
Terry Hancock
hancock at anansispaceworks.com
Anansi Spaceworks
http://www.anansispaceworks.com
P.O. Box 60583
Pasadena, CA 91116-6583
------------------------------------------------------
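
Added example (not part of the original post, and not the MiniPickle code): a deny-all-globals unpickler written against the Python 3 pickle module, which restricts loading by overriding Unpickler.find_class rather than through __safe_for_unpickling__. PrimitiveOnlyUnpickler, safe_loads and the 4096-byte limit are hypothetical names and values; UnpicklingSecurityError is the exception name wished for in the quoted question.

```python
import io
import pickle


class UnpicklingSecurityError(pickle.UnpicklingError):
    """A pickle asked for something outside the allowed primitive types."""


class PrimitiveOnlyUnpickler(pickle.Unpickler):
    # dicts, lists, tuples, strings and numbers are rebuilt by dedicated
    # opcodes and never reach find_class(). Anything that needs an import
    # (a class, a function, a __reduce__ callable) does, and is refused.
    def find_class(self, module, name):
        raise UnpicklingSecurityError(
            "global %s.%s is forbidden" % (module, name))


def safe_loads(data, max_bytes=4096):
    """Unpickle untrusted bytes, allowing only primitive containers."""
    # max_bytes is an assumed limit (roughly one browser cookie).
    if len(data) > max_bytes:
        raise UnpicklingSecurityError("pickle larger than %d bytes" % max_bytes)
    return PrimitiveOnlyUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    import datetime

    # Constructed sample: nested dict holding the state of a tree.
    tree_state = {"root": {"open": True,
                           "children": {"docs": {"open": False, "children": {}}}}}
    assert safe_loads(pickle.dumps(tree_state)) == tree_state

    # Constructed sample: a harmless pickle that still needs a global.
    try:
        safe_loads(pickle.dumps(datetime.date(2002, 7, 18)))
    except UnpicklingSecurityError as exc:
        print("rejected:", exc)
```

Because UnpicklingSecurityError subclasses pickle.UnpicklingError, code that already catches UnpicklingError keeps working.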