Advise of programming one of my first programs
Devin Jeanpierre
jeanpierreda at gmail.com
Tue Mar 27 20:26:21 EDT 2012
On Tue, Mar 27, 2012 at 5:59 PM, Evan Driscoll <driscoll at cs.wisc.edu> wrote:
>> The use of eval is dangerous if you are not *completely* sure what is
>> being passed in. Try using pickle instead:
>> http://docs.python.org/release/2.5.2/lib/pickle-example.html
>
>
> Um, at least by my understanding, the use of Pickle is also dangerous if you
> are not completely sure what is being passed in:
Oh goodness yes. pickle is exactly as unsafe as eval is. Try running this code:

    from pickle import loads
    loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py>'\ntRtR.")

-- Devin
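
A defensive counterpart to the snippet above, added here as an example and not part of the original message: it disassembles the same payload without running it, then shows an unpickler that refuses any global not on an allowlist. It assumes Python 3; the names scan, AllowlistUnpickler and safe_loads are hypothetical.

```python
import io
import pickle
import pickletools

# The payload from the message above, as bytes. It is never given to pickle.loads.
PAGE_PAYLOAD = b"c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py>'\ntRtR."

# Opcodes that import a name or call/construct an object during unpickling.
IMPORT_OR_CALL = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE",
                  "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}


def scan(data):
    """Disassemble a pickle without executing it; return the risky opcodes."""
    return [(op.name, arg) for op, arg, _pos in pickletools.genops(data)
            if op.name in IMPORT_OR_CALL]


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allowed."""

    def __init__(self, file, allowed=frozenset()):
        super().__init__(file)
        self.allowed = allowed

    def find_class(self, module, name):
        # Called for every GLOBAL/STACK_GLOBAL before anything is imported.
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data, allowed=frozenset()):
    """Load a pickle made only of plain data types (plus allowed globals)."""
    return AllowlistUnpickler(io.BytesIO(data), allowed).load()


if __name__ == "__main__":
    for name, arg in scan(PAGE_PAYLOAD):
        print(name, arg)
    try:
        safe_loads(PAGE_PAYLOAD)
    except pickle.UnpicklingError as exc:
        print("refused:", exc)
    print(safe_loads(pickle.dumps({"a": [1, 2]})))
```

Plain containers, strings and numbers need no globals, so an empty allowlist still loads ordinary data while the payload is rejected at its first opcode.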