pickle alternative
Andrew Dalke
dalke at dalkescientific.com
Tue May 31 03:58:39 EDT 2005
simonwittber wrote:
> From the marshal documentation:
> Warning: The marshal module is not intended to be secure against
> erroneous or maliciously constructed data. Never unmarshal data
> received from an untrusted or unauthenticated source.
Ahh, I had forgotten that. Though I can't recall what an attack
might be, I think it's because the C code hasn't been fully vetted
for unexpected error conditions.
> Any idea how this might be solved? The number of bytes used has to be
> consistent across platforms. I guess this means I cannot use the struct
> module?
How do you want to solve it? Should a 64 bit machine be able to read
a data stream made on a 32 bit machine? What about vice versa? How
are floats interconverted?
You could preface the output stream with a description of the encoding
used: version number, size of float, size of int (which should always
be sizeof float these days, I think). Read these then use that
information to figure out which decode/dispatch function to use.
Andrew
dalke at dalkescientific.com
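
An added example, not part of the original thread, of the self-describing header suggested in the reply above: the stream starts with a version number, int size and float size, and the reader uses them to select a decoder and rejects anything it does not recognise. The names `MAGIC`, `FORMATS`, `dump` and `load` and the (int, float) record layout are assumptions made for illustration; `struct` is used with the `<` prefix, which selects standard sizes.

```python
import struct

MAGIC = b"SER1"                      # hypothetical stream tag
HEADER = struct.Struct("<4sBBB")     # magic, version, int size, float size
COUNT = struct.Struct("<I")          # number of records that follow

# (version, int size, float size) -> record layout. "<" selects struct's
# standard sizes, so the byte counts do not depend on the platform.
FORMATS = {(1, 4, 4): "<if", (1, 4, 8): "<id", (1, 8, 8): "<qd"}

def dump(records, version=1, int_size=8, float_size=8):
    """Encode (int, float) pairs behind a header naming the encoding."""
    fmt = FORMATS.get((version, int_size, float_size))
    if fmt is None:
        raise ValueError("unsupported encoding")
    rec = struct.Struct(fmt)
    head = HEADER.pack(MAGIC, version, int_size, float_size)
    return head + COUNT.pack(len(records)) + b"".join(rec.pack(i, f) for i, f in records)

def load(data, max_records=10000):
    """Read the header, pick the decoder it names, reject anything else."""
    body = HEADER.size + COUNT.size
    if len(data) < body:
        raise ValueError("truncated header")
    magic, version, int_size, float_size = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    fmt = FORMATS.get((version, int_size, float_size))
    if fmt is None:
        raise ValueError("unsupported encoding")
    rec = struct.Struct(fmt)
    (count,) = COUNT.unpack_from(data, HEADER.size)
    # The declared count must match the bytes actually present.
    if count > max_records or len(data) - body != count * rec.size:
        raise ValueError("length mismatch")
    return [rec.unpack_from(data, body + n * rec.size) for n in range(count)]

if __name__ == "__main__":
    sample = [(1, 2.5), (-7, 0.125)]     # constructed sample data
    for sizes in ((4, 4), (8, 8)):
        blob = dump(sample, 1, *sizes)
        print(sizes, len(blob), load(blob))
```

Unlike `marshal` or `pickle`, the reader only ever unpacks fixed-width numbers, and a header or length it does not expect ends in `ValueError` before any record is decoded.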