Pickled objects over the network
Hendrik van Rooyen
mail at microcorp.co.za
Fri Jul 20 03:32:17 EDT 2007
Walker Lindley wrote:
>Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to
send objects across the network. I'm sure >both Pyro and Yami can do that and I
may end up using one of them. For the initial version pickle will work because
we >have the networking issues figured out with it, just not the security
problem. So we may end up just sending strings back >and forth that will let us
fill out an object's member variables on the other end. It's much less cool, but
it seems like it'd >be more secure.
>
This passing of a pickled structure is so handy for simple things like lists of
parameters, and so on, that I wonder if it would not be worth while to somehow
beef up the security of the pickle stuff.
One heretical way I can think of would involve strict "typing" at the receiving
end - if you expect say a dict, then you should somehow specify that anything
else should fail...
as dict my_received_dict = cpickle.loads(data_from_network)
or, better without a new "as" keyword:
my_received_dict=cpickle.loads(data_from_network,type=dict)
Is this at all feasible?
- Hendrik
More information about the Python-list
mailing list