JSON logging ?

Chris Rebert clp2 at rebertia.com
Wed Dec 12 12:33:24 EST 2012


On Dec 11, 2012 7:33 AM, "Bart Thate" <feedbackflow at gmail.com> wrote:
<snip>
> pickle uses eval still ? or is it considered safe now ? I was told not to
> use eval() stuff on data.

I don't believe pickle uses eval() per se, but per the red warning box in
its docs, it's still not safe when given untrusted input. IIRC, among other
things, in order to unpickle non-built-in classes, it is capable of
performing imports; this feature is rife for abuse by an adversary.
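The import-on-load behaviour described above can be seen with a harmless callable, and the usual mitigation (an Unpickler whose find_class only resolves an allow-list of globals, the pattern from the Python pickle documentation) can be checked against the same bytes. The code below is an added example, not part of this thread; the class name ImportOnLoad, the helper names and the contents of SAFE_BUILTINS are choices made for the example. Note that the allow-list is defence in depth: the first-line mitigation is still not to unpickle data from an untrusted source at all.

```python
import builtins
import io
import os
import pickle


# Constructed demonstration object (not from the thread). Its __reduce__ tells
# whatever unpickles it to import the operating-system module that provides
# getcwd and call getcwd() during load. getcwd is harmless, but the mechanism
# is identical for any importable callable, which is why untrusted pickles are
# unsafe.
class ImportOnLoad:
    def __reduce__(self):
        return (os.getcwd, ())


def build_untrusted_pickle() -> bytes:
    """Bytes that, when loaded with pickle.loads, import a module and call a function."""
    return pickle.dumps(ImportOnLoad())


def build_safe_pickle() -> bytes:
    """Bytes for plain data that only needs allow-listed builtins (range) to load."""
    return pickle.dumps({"ids": range(3), "name": "example"})


def unsafe_load(data: bytes):
    """The default loader: resolves and calls any global the pickle names."""
    return pickle.loads(data)


# Hypothetical allow-list for this example; tailor it to the types you expect.
SAFE_BUILTINS = frozenset({"range", "complex", "set", "frozenset", "slice"})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global except a few safe builtins."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        # Anything else (os/posix functions, user classes, ...) is rejected
        # before it is imported or called.
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_outcomes(data: bytes) -> dict:
    """Load the same bytes with both loaders and report what each one did."""
    outcome = {"unsafe": unsafe_load(data)}
    try:
        restricted_load(data)
        outcome["restricted"] = "loaded"
    except pickle.UnpicklingError as exc:
        outcome["restricted"] = f"rejected: {exc}"
    return outcome


if __name__ == "__main__":
    print(load_outcomes(build_untrusted_pickle()))
    print(load_outcomes(build_safe_pickle()))
```

Running it shows the default loader returning the current working directory (the function named in the pickle really was imported and called), while the restricted loader rejects that pickle and still loads the plain data.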