secure unpickle?
Tim Peters
tim.one at comcast.net
Mon Jan 19 12:05:27 EST 2004
[Gandalf]
> ...
>> I'm using this module (based on the documentation you mentioned):
>> ...
[John J. Lee]
> What does this have to do with the question? He was worried about
> security of pickle, not asking how to call dumps() and loads().
Look at Gandalf's code again. The pickler is unremarkable, but the
unpickler contains the assignment:
p.find_global = None
As his loads docstring said, "this function will not unpickle globals and
instances" as a result.
More information about the Python-list
mailing list