heikowu at ceosg.de
Fri Jun 11 21:27:36 CEST 2004
Am Freitag, 11. Juni 2004 21:14 schrieb Jeff:
> Has anyone seen a secure pickle alternative?
Check out Flatten (available under Files on
http://sourceforge.net/projects/yawpycrypto). It basically offers the same
functionality as Pickle, but user classes are only picklable after they have
been registered with the module, and must implement explicit __store__ and
Automatic type checking of class variables is only one of the additional
gimmicks it offers. I'm currently working on a new release of Flatten which
includes signing/encrypting parts of a pickle by the pickle creator/for a
specific recipient, but this implementation isn't finished yet.
There is one incompatability with Pickle, which is explicitly noted in the
documentation, and which refers to storing tuples which contain references to
themselves (in some form, such as using themselves as a dict key in a dict
which is contained in themselves, etc.); under several circumstances this
doesn't get unserialized properly. But this is the only real problem there is
with Flatten (AFAIK).
There are other packages out there, but I'll leave it to the others to point
you at them (twisted implements a storage protocol which is secure (which can
be made secure), for example, and IIRC it's called twisted.banana).
More information about the Python-list