#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2004
    Posts
    461
    Rep Power
    25

    Safegarding pickle


    I am trying to make pickling safer so no one can try to through say a class or a thread at me when i expected a array of numbers. I have thought about using res to check if it was something, but it would be hard since maybe it was say a 3 demetional array. In the third demention somewhere they could have sliped in a thread that would kill my app.

    I would like to use pickle for sockets so it is easyer to send numbers and such. Any ideas?
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2004
    Posts
    73
    Rep Power
    10
    Python Documentation 3.14.1
    The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
    use xml instead, you'll have much more control with xml
  4. #3
  5. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Better yet use SOAP, this way you could probably get rid of the sockets from your app . It also handles all the type checking and such for you so you shouldn't have to worry about things like this.

    Mark.
    programming language development: www.netytan.com Hula


IMN logo majestic logo threadwatch logo seochat tools logo