Developing a network protocol with Python

Irmen de Jong irmen.NOSPAM at xs4all.nl
Thu Dec 15 20:42:39 CET 2005


Laszlo Zsolt Nagy wrote:

> "Mobile objects. Clients and servers can pass objects around - even when 
> the server has never known them before. Pyro will then automatically 
> transfer the needed Python bytecode."
> 
> I believe that using cPickle and transferring data (but not the code) is 
> still more secure than transferring bytecode. :-)

Note that the mobile *code* feature of Pyro is off by default.
And that the transfer of bytecodes is only part of the "problem",
because it is possible to craft special constructed pickle streams
that will do nasty things on the receiving side....

--Irmen



More information about the Python-list mailing list