Pickling over a socket

Bastian Ballmann balle at chaostal.de
Wed Apr 20 02:44:31 EDT 2011


On Tue, 19 Apr 2011 19:28:50 -0700 (PDT),
Jean-Paul Calderone <calderone.jeanpaul at gmail.com> wrote:

> It is completely insecure.  Do not use pickle and
> sockets together.

Yes, pickle is like eval, but that doesn't mean that one should never
ever use it over a socket connection.
What about ssl sockets where client and server authenticate each other?
Or you encrypt the pickle dump with symmetric encryption and only load
it if you can decrypt it? There are ways to ensure that the data you
get can be handled as trusted.
Greets

Basti
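
Added example, not part of the original post: one way to apply the "only load it if it checks out" idea from the message above, where the receiver verifies every frame before pickle.loads() ever sees it. It swaps in an HMAC-SHA256 tag under a pre-shared key as the check (an assumption; the post itself names mutually authenticated SSL and symmetric encryption), and the frame layout, function names and key are hypothetical.

```python
import hashlib
import hmac
import pickle
import socket
import struct

TAG_LEN = 32          # HMAC-SHA256 digest size in bytes
MAX_FRAME = 1 << 20   # refuse oversized frames before reading them

class AuthError(Exception):
    """Frame rejected; its payload was never unpickled."""

def _recv_exact(sock, n):
    # recv() may return short reads, so loop until n bytes arrive.
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)

def send_obj(sock, key, obj):
    # Hypothetical frame layout: 4-byte length | 32-byte tag | pickle bytes
    payload = pickle.dumps(obj)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    sock.sendall(struct.pack("!I", len(payload)) + tag + payload)

def recv_obj(sock, key):
    (length,) = struct.unpack("!I", _recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise AuthError("frame too large")
    tag = _recv_exact(sock, TAG_LEN)
    payload = _recv_exact(sock, length)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise AuthError("bad MAC")
    return pickle.loads(payload)  # reached only for authenticated bytes

def demo():
    key = b"constructed-demo-key"  # constructed; real keys come from a secret store
    a, b = socket.socketpair()
    send_obj(a, key, {"user": "peer", "n": [1, 2, 3]})
    good = recv_obj(b, key)
    forged = pickle.dumps("forged")  # constructed frame with an all-zero tag
    a.sendall(struct.pack("!I", len(forged)) + b"\x00" * TAG_LEN + forged)
    try:
        recv_obj(b, key)
        rejected = False
    except AuthError:
        rejected = True
    a.close(); b.close()
    return good, rejected
```

The tag shows the frame came from a key holder; it does not stop replay of an earlier valid frame, and any peer that holds the key can still send a pickle that runs code on load.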