Movatterモバイル変換
[0]ホーム
[Python-ideas] Secure unpickle
Neil Girdharmistersheik at gmail.com
Thu Jul 23 02:29:20 CEST 2015
That's amazing. I did not know about that.On Wed, Jul 22, 2015 at 6:30 PM, Eric V. Smith <eric at trueblade.com> wrote:> Have you looked at>https://docs.python.org/3/library/pickle.html#pickle-restrict> ?>> --> Eric.>> > On Jul 22, 2015, at 4:03 AM, Neil Girdhar <mistersheik at gmail.com> wrote:> >> > I've heard it said that pickle is a security hole, and so it's better to> write your own serialization routine. That's unfortunate because pickle> has so many advantages such as automatically tying into copy/deepcopy.> Would it be possible to make unpickle secure, e.g., by having the caller> create a context in which all calls to unpickle are limited to unpickling a> specific set of types? (When these types unpickle their sub-objects, they> could potentially limit the set of types further.)> > _______________________________________________> > Python-ideas mailing list> >Python-ideas at python.org> >https://mail.python.org/mailman/listinfo/python-ideas> > Code of Conduct:http://python.org/psf/codeofconduct/> _______________________________________________> Python-ideas mailing list>Python-ideas at python.org>https://mail.python.org/mailman/listinfo/python-ideas> Code of Conduct:http://python.org/psf/codeofconduct/>> -->> ---> You received this message because you are subscribed to a topic in the> Google Groups "python-ideas" group.> To unsubscribe from this topic, visit>https://groups.google.com/d/topic/python-ideas/OhYb7RHNHyA/unsubscribe.> To unsubscribe from this group and all its topics, send an email to>python-ideas+unsubscribe at googlegroups.com.> For more options, visithttps://groups.google.com/d/optout.>-------------- next part --------------An HTML attachment was scrubbed...URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150722/3773ed70/attachment.html>
More information about the Python-ideasmailing list
[8]ページ先頭