Pickled objects over the network
brotherjenos at gmail.com
Fri Jul 20 17:29:46 CEST 2007
It is feasible to an extent since loading each builtin object type is
handled by a different function. However, as others have pointed out it
makes more sense to use a more robust protocol than try to patch pickle.
On 7/20/07, Hendrik van Rooyen <mail at microcorp.co.za> wrote:
> Walker Lindley wrote:
> >Right, I could use Pyro, but I don't need RPC, I just wanted an easy way
> send objects across the network. I'm sure >both Pyro and Yami can do that
> and I
> may end up using one of them. For the initial version pickle will work
> we >have the networking issues figured out with it, just not the security
> problem. So we may end up just sending strings back >and forth that will
> let us
> fill out an object's member variables on the other end. It's much less
> cool, but
> it seems like it'd >be more secure.
> This passing of a pickled structure is so handy for simple things like
> lists of
> parameters, and so on, that I wonder if it would not be worth while to
> beef up the security of the pickle stuff.
> One heretical way I can think of would involve strict "typing" at the
> end - if you expect say a dict, then you should somehow specify that
> else should fail...
> as dict my_received_dict = cpickle.loads(data_from_network)
> or, better without a new "as" keyword:
> Is this at all feasible?
> - Hendrik
This e-mail is licensed under the Creative Commons
Attribution-NoDerivs 2.5License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative
Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-list