Pickled objects over the network

Jean-Paul Calderone exarkun at divmod.com
Fri Jul 20 07:03:27 EDT 2007


On Fri, 20 Jul 2007 09:32:17 +0200, Hendrik van Rooyen <mail at microcorp.co.za> wrote:
> Walker Lindley wrote:
>
>>Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to
>>send objects across the network. I'm sure both Pyro and Yami can do that and I
>>may end up using one of them. For the initial version pickle will work because
>>we have the networking issues figured out with it, just not the security
>>problem. So we may end up just sending strings back and forth that will let us
>>fill out an object's member variables on the other end. It's much less cool, but
>>it seems like it'd be more secure.
>>
>
>This passing of a pickled structure is so handy for simple things like lists of
>parameters, and so on, that I wonder if it would not be worth while to somehow
>beef up the security of the pickle stuff.
>
>One heretical way I can think of would involve strict "typing" at the receiving
>end - if you expect say a dict, then you should somehow specify that anything
>else should fail...
>
>as dict  my_received_dict = cpickle.loads(data_from_network)
>
>or, better without a new "as" keyword:
>
>my_received_dict=cpickle.loads(data_from_network,type=dict)
>
>Is this at all feasible?

No.  You could write a replacement for pickle, though.  Oh, wait...

Jean-Paul
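
The receiving-end type check proposed in the quoted message, sketched as an added example that is not part of the original thread: in Python 3 (where cPickle is now pickle), overriding the documented `Unpickler.find_class` hook rejects every class or function reference while the stream is being loaded, and only then is the top-level type compared. `loads_as` and `try_load` are hypothetical helper names, and the sample payloads are constructed.

```python
import io
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function reference."""

    def find_class(self, module, name):
        # Called whenever the stream names a global, i.e. before any
        # callable referenced by the sender can be looked up or invoked.
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed" % (module, name))


def loads_as(data, expected_type):
    """Hypothetical helper: load plain data, then require its top-level type."""
    obj = NoGlobalsUnpickler(io.BytesIO(data)).load()
    if type(obj) is not expected_type:
        raise pickle.UnpicklingError(
            "expected %s, got %s"
            % (expected_type.__name__, type(obj).__name__))
    return obj


def try_load(data, expected_type):
    """Return (ok, value_or_error_text) so outcomes are easy to compare."""
    try:
        return True, loads_as(data, expected_type)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample inputs standing in for data_from_network.
GOOD = pickle.dumps({"host": "10.0.0.5", "retries": 3, "tags": ["a", "b"]})
WRONG_TYPE = pickle.dumps(["not", "a", "dict"])
HAS_GLOBAL = pickle.dumps({"callback": len})  # stream references builtins.len

if __name__ == "__main__":
    samples = [("good", GOOD), ("wrong type", WRONG_TYPE),
               ("global", HAS_GLOBAL)]
    for label, blob in samples:
        print(label, try_load(blob, dict))
```

The type comparison covers only the top-level object; keys and nested values still need application-level validation.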


