[Python-Dev] Pickle security and remote logging
Vinay Sajip
vinay_sajip at yahoo.co.uk
Tue Jun 29 17:15:22 CEST 2010
anatoly techtonik <techtonik <at> gmail.com> writes:
> insecure. SocketHandler and DatagramHandler docs should at least
> contain a warning about danger of exposing unpickling interfaces to
> insecure networks.
I've updated the documentation of SocketHandler.makePickle to mention security
concerns, and that the method can be overridden to use a more secure
implementation (e.g. HMAC-signed pickles).
Regards,
Vinay Sajip
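
The override mentioned above, as an added example that is not part of the original message or the logging module's own code. The class name `HMACSocketHandler`, the function `load_verified`, the frame layout (length, HMAC-SHA256 tag, pickle) and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import logging.handlers
import pickle
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class HMACSocketHandler(logging.handlers.SocketHandler):
    """Hypothetical handler; frame = 4-byte length | HMAC tag | pickle."""

    def __init__(self, host, port, key):
        super().__init__(host, port)  # no connection is made until emit()
        self.key = key

    def makePickle(self, record):
        payload = super().makePickle(record)[4:]  # drop stock length prefix
        tag = hmac.new(self.key, payload, hashlib.sha256).digest()
        body = tag + payload
        return struct.pack(">L", len(body)) + body


def load_verified(frame, key):
    """Receiver side: authenticate the payload before unpickling it."""
    if len(frame) < 4:
        raise ValueError("truncated frame")
    (length,) = struct.unpack(">L", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length or length < MAC_LEN:
        raise ValueError("truncated frame")
    tag, payload = body[:MAC_LEN], body[MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad HMAC; refusing to unpickle")
    return logging.makeLogRecord(pickle.loads(payload))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    handler = HMACSocketHandler("localhost", 9020, key)
    record = logging.LogRecord("app", logging.WARNING, "demo.py", 1,
                               "disk %s full", ("sda1",), None)
    frame = handler.makePickle(record)
    print(load_verified(frame, key).getMessage())
```

The tag only proves the sender holds the key: any key holder can still submit an arbitrary pickle, and replayed frames are not detected.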