why use special config formats?

gangesmaster tomerfiliba at gmail.com
Sat Mar 11 08:44:43 EST 2006


> Huh? You think a competent sys admin can't learn enough Python to hack
> your pickled file?
>
> Binary configs only keep out legitimate users who don't have the time or
> ability to learn how to hack the binary format. Black hats and power users
> will break your binary format and hack them anyway.

then you don't know what pickle is. pickle code is NOT python bytecode.
it's a bytecode they made in order to represent objects. you cannot
"exploit" it in the essence of running arbitrary code, unless you find
a bug in the pickle module. and that's less likely than finding a bug
in the parser of the silly config file formats you use.

i'm not hiding the configuration in "binary files", that's not the
point. pickle is just more secure by definition.

aah. you all are too stupid.


-tomer
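
Added example, not part of the original post: a pickle stream can name importable callables and have them called while it is loaded, so a loader for pickled config files can scan for those opcodes with `pickletools` or refuse every global lookup by overriding `Unpickler.find_class`. The names `Reordered`, `ConfigUnpickler`, `risky_opcodes`, and the sample config are constructed for illustration.

```python
import io
import pickle
import pickletools

# Opcodes that import a name or invoke a callable while a pickle is loaded.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}


class Reordered:
    """Constructed sample: unpickling this object calls sorted([3, 1, 2])."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))


def risky_opcodes(data: bytes) -> list:
    """List import/call opcodes in a pickle without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CALL_OPCODES]


class ConfigUnpickler(pickle.Unpickler):
    """Accept only plain data (dict, list, str, int, ...); refuse all globals."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_config(data: bytes):
    """Load a pickled config through the restricted unpickler."""
    return ConfigUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the stream."""
    try:
        load_config(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed inputs: a plain-data config and a stream that calls a function.
PLAIN = pickle.dumps({"port": 8080, "hosts": ["a", "b"]})
CALLS = pickle.dumps(Reordered())

if __name__ == "__main__":
    print(risky_opcodes(PLAIN), load_config(PLAIN))
    print(risky_opcodes(CALLS), pickle.loads(CALLS), is_rejected(CALLS))
```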



