[Python-Dev] Pickle security and remote logging

Vinay Sajip vinay_sajip at yahoo.co.uk
Tue Jun 29 17:15:22 CEST 2010


anatoly techtonik <techtonik <at> gmail.com> writes:

> insecure. SocketHandler and DatagramHandler docs should at least
> contain a warning about danger of exposing unpickling interfaces to
> insecure networks.

I've updated the documentation of SocketHandler.makePickle to mention security
concerns, and that the method can be overridden to use a more secure
implementation (e.g. HMAC-signed pickles).

Regards,

Vinay Sajip
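
An added example, not part of the original message and not the logging module's own code: one way to write the HMAC-signed `makePickle` override mentioned above, together with a receiver that checks the signature before it unpickles anything. The names `SignedSocketHandler` and `load_signed_record`, the frame layout (length, MAC, pickle) and the pre-shared key are assumptions made for this sketch.

```python
import hashlib
import hmac
import logging
import logging.handlers
import pickle
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


class SignedSocketHandler(logging.handlers.SocketHandler):
    """Hypothetical handler; frame is 4-byte length | HMAC-SHA256 | pickle."""

    def __init__(self, host, port, key):
        super().__init__(host, port)
        self.key = key  # pre-shared secret, distributed out of band

    def makePickle(self, record):
        # Reuse the stock pickling, then drop its 4-byte length prefix.
        payload = super().makePickle(record)[4:]
        mac = hmac.new(self.key, payload, hashlib.sha256).digest()
        body = mac + payload
        return struct.pack(">L", len(body)) + body


def load_signed_record(frame, key):
    """Receiver side: verify the MAC first, unpickle only if it matches."""
    if len(frame) < 4 + MAC_LEN:
        raise ValueError("frame too short")
    (length,) = struct.unpack(">L", frame[:4])
    body = frame[4:]
    if length != len(body):
        raise ValueError("length prefix does not match frame")
    mac, payload = body[:MAC_LEN], body[MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; pickle.loads is never reached on a mismatch.
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature; payload not unpickled")
    return logging.makeLogRecord(pickle.loads(payload))
```

The signature authenticates the sender and protects integrity only; the record contents still travel in the clear, and anyone holding the key can still send arbitrary pickles.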


