unpickle from URL problem
Jean-Paul Calderone
exarkun at divmod.com
Wed Oct 10 06:54:23 EDT 2007
On Wed, 10 Oct 2007 05:58:51 GMT, Alan Isaac <aisaac at american.edu> wrote:
>I am on a Windows box.
>
>I pickle a tuple of 2 simple objects with the pickle module.
>It pickles fine. It unpickles fine.
>
>I upload to a server.
>I try to unpickle from the URL. No luck. Try it:
>x1, x2 = pickle.load(urllib.urlopen('http://www.american.edu/econ/notes/hw/example1'))
>
>I change the filetype to unix. I upload again.
>I try to unpickle from the URL. Now it works. Try it:
>x1, x2 = pickle.load(urllib.urlopen('http://www.american.edu/econ/notes/hw/example2'))
>
>Why the difference?
You shouldn't unpickle things you get from the network, since pickle can
execute arbitrary code: http://jcalderone.livejournal.com/15864.html
Jean-Paul
More information about the Python-list
mailing list