Unpickling from strings

Paul Robinson paul.robinson at businesscollaborator.com
Wed Mar 14 04:07:46 EST 2001


Doug Fort wrote:
> 
> Perhaps it is getting garbled in transmission.  We quote ours:
> 
>     urllib.quote_plus(cPickle.dumps(self._statsdict))
>
> "Marcin Chady" wrote:
>
> > I have pickled an object into a string and saved it in a hidden HTML form
> > field, so that I can recover the state when the form is resubmitted.

Is there not an inherent security risk from trusting what could
potentially be any kind of pickled object that you are retrieving from
the submission of an HTML form?

If you are going to do that then you should take appropriate
precautions.

Paul Robinson
Business Collaborator Development Manager
Enviros Software Solutions
WWW: http://www.businesscollaborator.com
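As an added illustration of the precautions Paul is asking for (this is example code written for this archive page, not code from either poster), the round trip below uses a current Python 3 `pickle` rather than Python 2's `cPickle`. It tags the pickled state with an HMAC so a returned form field that was altered or forged is rejected before it is ever unpickled, and as a second layer unpickles through an allow-list `Unpickler` that refuses to resolve any global outside a handful of builtins. The secret key and the sample state are constructed for the demo; a real deployment would load the key from configuration.

```python
import base64, builtins, hashlib, hmac, io, pickle
from urllib.parse import quote_plus, unquote_plus

SECRET = b"constructed-demo-secret"        # placeholder: use a real, private key
SAFE_BUILTINS = {"dict", "list", "tuple", "str", "int", "float", "bool"}

class RestrictedUnpickler(pickle.Unpickler):
    """Only resolves a short allow-list of builtins; everything else is refused."""
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def restricted_loads(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def encode_state(state) -> str:
    """Pickle -> HMAC tag -> 'tag.base64' -> URL-quoted hidden-field value."""
    blob = pickle.dumps(state, protocol=2)
    tag = hmac.new(SECRET, blob, hashlib.sha256).hexdigest()
    return quote_plus(tag + "." + base64.b64encode(blob).decode("ascii"))

def decode_state(field: str):
    """Return the state, or None if the field is malformed, tampered or forged."""
    try:
        tag, b64 = unquote_plus(field).split(".", 1)
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    expected = hmac.new(SECRET, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None                        # never unpickle an unverified blob
    return restricted_loads(blob)          # defence in depth: allow-listed globals only

if __name__ == "__main__":
    state = {"page": 2, "filters": ["open", "mine"], "total": 40}
    field = encode_state(state)
    print(decode_state(field) == state)    # True
    print(decode_state("0" + field[1:]))   # None (tag no longer matches)
```

The allow-list layer matters even with the HMAC in place: if the signing key ever leaks, the unpickler still cannot resolve arbitrary module globals.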