Is unpickling data a security risk?
Greg Ewing
greg at cosc.canterbury.ac.nz
Mon May 22 22:25:50 EDT 2000
Itamar Shtull-Trauring wrote:
>
> does the act of unpickling cause any code in the pickled object to
> be executed?
No. As far as I'm aware, the standard pickle module
doesn't pickle or unpickle code objects, for precisely
this reason. So you should be safe.
--
Greg Ewing, Computer Science Dept,
+--------------------------------------+
University of Canterbury, | A citizen of NewZealandCorp, a |
Christchurch, New Zealand | wholly-owned subsidiary of USA Inc. |
greg at cosc.canterbury.ac.nz +--------------------------------------+
More information about the Python-list
mailing list