is there a safe marshaler?
Pierre Barbier de Reuille
pierre.barbier at cirad.fr
Thu Feb 10 09:26:21 EST 2005
Irmen de Jong a écrit :
> Pickle and marshal are not safe. They can do harmful
> things if fed maliciously constructed data.
> That is a pity, because marshal is fast.
> I need a fast and safe (secure) marshaler.
> Is xdrlib the only option?
> I would expect that it is fast and safe because
> it (the xdr spec) has been around for so long.
>
> Or are there better options (perhaps 3rd party libraries)?
>
> Thanks
>
> Irmen.
What exactly do you mean by "safe" ? Do you want to ensure your objects
cannot receive corrupted data ? Do you want to ensure no code will be
evaluated during the unmarshalling ?
Please, be more precise,
Pierre
More information about the Python-list
mailing list