Pickled objects over the network

Walker Lindley brotherjenos at gmail.com
Fri Jul 20 17:29:46 CEST 2007


It is feasible to an extent since loading each builtin object type is
handled by a different function. However, as others have pointed out it
makes more sense to use a more robust protocol than try to patch pickle.


-Walker

On 7/20/07, Hendrik van Rooyen <mail at microcorp.co.za> wrote:
>
> Walker Lindley  wrote:
>
> >Right, I could use Pyro, but I don't need RPC, I just wanted an easy way
> to
> send objects across the network. I'm sure >both Pyro and Yami can do that
> and I
> may end up using one of them. For the initial version pickle will work
> because
> we >have the networking issues figured out with it, just not the security
> problem. So we may end up just sending strings back >and forth that will
> let us
> fill out an object's member variables on the other end. It's much less
> cool, but
> it seems like it'd >be more secure.
> >
>
> This passing of a pickled structure is so handy for simple things like
> lists of
> parameters, and so on, that I wonder if it would not be worth while to
> somehow
> beef up the security of the pickle stuff.
>
> One heretical way I can think of would involve strict "typing" at the
> receiving
> end - if you expect say a dict, then you should somehow specify that
> anything
> else should fail...
>
> as dict  my_received_dict = cpickle.loads(data_from_network)
>
> or, better without a new "as" keyword:
>
> my_received_dict=cpickle.loads(data_from_network,type=dict)
>
> Is this at all feasible?
>
> - Hendrik
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>



-- 
This e-mail is licensed under the Creative Commons
Attribution-NoDerivs 2.5License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative
Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105,
USA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20070720/703759d3/attachment.html>


More information about the Python-list mailing list