Advise of programming one of my first programs

Evan Driscoll driscoll at cs.wisc.edu
Tue Mar 27 23:59:58 CEST 2012


On 01/-10/-28163 01:59 PM, Prasad, Ramit wrote:
>> ####### CODE #########
>> fileread = open('myfile.txt','r')
>> tbook = eval(fileread.read())
>> fileread.close()
>
> The use of eval is dangerous if you are not *completely* sure what is
> being passed in. Try using pickle instead:
> http://docs.python.org/release/2.5.2/lib/pickle-example.html

Um, at least by my understanding, the use of Pickle is also dangerous if 
you are not completely sure what is being passed in:

   Warning: The pickle module is not intended to be secure
   against erroneous or maliciously constructed data. Never
   unpickle data received from an untrusted or unauthenticated
   source.
             - http://docs.python.org/library/pickle.html


Evan
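
Added example, not part of the original post: two ways to read the `tbook` data back without handing the file's contents to `eval()` or to an unrestricted `pickle.load()`. It assumes the file holds a plain dict literal; the sample data, function names and class name are constructed for illustration, and the restricted unpickler follows the "Restricting Globals" approach from the pickle documentation.

```python
import ast
import io
import pickle

# Constructed sample of what myfile.txt might hold: a dict literal.
SAMPLE_TEXT = "{'alice': '555-0100', 'bob': '555-0199'}"


def load_literal(text):
    """Parse a Python literal (dict, list, str, number) without executing code."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a plain literal: %s" % exc)
    if not isinstance(value, dict):
        raise ValueError("expected a dict, got %s" % type(value).__name__)
    return value


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only basic
    containers, strings and numbers can be loaded."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def load_pickle_restricted(data):
    """Load pickled bytes with all class and function references blocked."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def is_rejected(loader, payload):
    """Return True when the loader refuses the payload."""
    try:
        loader(payload)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


if __name__ == "__main__":
    print(load_literal(SAMPLE_TEXT))
    # A function call is an expression, not a literal: eval() would run it.
    print(is_rejected(load_literal, "len('abc')"))
    # A pickle that names a global (here the harmless builtin len) is refused.
    print(is_rejected(load_pickle_restricted, pickle.dumps(len)))
    print(load_pickle_restricted(pickle.dumps({"alice": "555-0100"})))
```

Neither loader bounds input size or nesting depth, so a size check on the file before parsing is still worthwhile for data from an untrusted source.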


