Developing a network protocol with Python

Irmen de Jong irmen.NOSPAM at
Thu Dec 15 20:42:39 CET 2005

Laszlo Zsolt Nagy wrote:

> "Mobile objects. Clients and servers can pass objects around - even when 
> the server has never known them before. Pyro will then automatically 
> transfer the needed Python bytecode."
> I believe that using cPickle and transferring data (but not the code) is 
> still more secure than transferring bytecode. :-)

Note that the mobile *code* feature of Pyro is off by default.
And that the transfer of bytecodes is only part of the "problem",
because it is possible to craft special constructed pickle streams
that will do nasty things on the receiving side....


More information about the Python-list mailing list