Developing a network protocol with Python

Laszlo Zsolt Nagy gandalf at designaproduct.biz
Wed Dec 14 05:40:41 EST 2005


Paul Rubin wrote:

>Laszlo Zsolt Nagy <gandalf at designaproduct.biz> writes:
>
>>I already have my own classes. My objects are in object ownership
>>trees, and they reference each other (weakly and
>>strongly). These classes have their own streaming methods, and they
>>can be pickled safely.
>
>Standard warning: if you're accepting requests from potentially
>hostile sources, don't use pickle.

Yes, I know.  Not talking about TLS/SSL - there can be hostile persons, 
knowing a valid password and using a modified client program.

But how can I transfer pure python objects otherwise? Pyro also uses 
Pickle and it also transfers bytecode.
Well, Pyro has an option to use XML messaging, but that is very 
restricted, you cannot publish arbitrary python objects with XML. :-(

I read somewhere that Pickle had a security problem before Python 2.2, 
but after 2.2 it has been solved.
BTW, how do CORBA or COM do this? They can do object marshaling safely.
Can we do the same with Python?
Isn't it enough to implement find_global of a cPickler?

   Les
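
The `find_global` hook asked about above exists in Python 3 as `pickle.Unpickler.find_class`. The following is an added example, not part of the original post: an unpickler that resolves only allowlisted globals, where the allowed classes, the helper names and both sample frames are assumptions constructed for illustration.

```python
import io
import pickle
from collections import OrderedDict
from datetime import date

# Assumption for this example: the protocol only needs these two classes.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("datetime", "date"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) pairs."""

    def find_class(self, module, name):
        # Called for every global the pickle names, before anything is
        # imported or called on behalf of the sender.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed" % (module, name))


def safe_loads(data):
    """Deserialize bytes received from a peer using the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check_message(data):
    """Return ("ok", obj) or ("rejected", reason) for one received frame."""
    try:
        return "ok", safe_loads(data)
    except Exception as exc:
        # Malformed pickles can raise more than UnpicklingError
        # (EOFError, IndexError, ...); a server should drop them all.
        return "rejected", "%s: %s" % (type(exc).__name__, exc)


# Constructed sample frames.
GOOD_FRAME = pickle.dumps(OrderedDict(user="alice", when=date(2005, 12, 14)))
# Hand-written protocol-0 pickle that asks the receiver to call os.getcwd(),
# standing in for what a modified client could send.
BAD_FRAME = b"cos\ngetcwd\n(tR."

if __name__ == "__main__":
    print(check_message(GOOD_FRAME))
    print(check_message(BAD_FRAME))
```

An allowlist limits which callables a pickle can name, but every allowed callable is still invoked with sender-chosen arguments, so the list should contain only constructors that are harmless for any input.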




