Pickled objects over the network

Hendrik van Rooyen mail at microcorp.co.za
Fri Jul 20 09:32:17 CEST 2007


 Walker Lindley  wrote:

>Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to
send objects across the network. I'm sure >both Pyro and Yami can do that and I
may end up using one of them. For the initial version pickle will work because
we >have the networking issues figured out with it, just not the security
problem. So we may end up just sending strings back >and forth that will let us
fill out an object's member variables on the other end. It's much less cool, but
it seems like it'd >be more secure.
>

This passing of a pickled structure is so handy for simple things like lists of
parameters, and so on, that I wonder if it would not be worth while to somehow
beef up the security of the pickle stuff.

One heretical way I can think of would involve strict "typing" at the receiving
end - if you expect say a dict, then you should somehow specify that anything
else should fail...

as dict  my_received_dict = cpickle.loads(data_from_network)

or, better without a new "as" keyword:

my_received_dict=cpickle.loads(data_from_network,type=dict)

Is this at all feasible?

- Hendrik




More information about the Python-list mailing list