Developing a network protocol with Python
Irmen de Jong
irmen.NOSPAM at xs4all.nl
Thu Dec 15 14:42:39 EST 2005
Laszlo Zsolt Nagy wrote:
> "Mobile objects. Clients and servers can pass objects around - even when
> the server has never known them before. Pyro will then automatically
> transfer the needed Python bytecode."
>
> I believe that using cPickle and transferring data (but not the code) is
> still more secure than transferring bytecode. :-)
Note that the mobile *code* feature of Pyro is off by default.
And that the transfer of bytecodes is only part of the "problem",
because it is possible to craft special constructed pickle streams
that will do nasty things on the receiving side....
--Irmen
More information about the Python-list
mailing list