secure unpickle?
Michael Hudson
mwh at python.net
Tue Jan 20 06:32:29 EST 2004
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
> jjl at pobox.com (John J. Lee) writes:
> > marshal
> >
> > The docs have similar warnings, though.
>
> Marshal has an additional problem, which is that the format can change
> incompatibly between one Python version and another.
Oh, and this:
>>> marshal.loads('x')
Segmentation fault
There's a patch from Armin that I'm supposed to be reviewing about
that...
I really wouldn't unmarshal input that could come from some random
source on the internet.
Cheers,
mwh
--
If design space weren't so vast, and the good solutions so small a
portion of it, programming would be a lot easier.
-- maney, comp.lang.python
More information about the Python-list
mailing list