I use JSON with explicit serialize/deserialize methods. Explicit is better than implicit.
On Jul 15, 9:55 am, greenmoss <[email protected]> wrote: > On Jul 14, 10:04 pm, Greg Ewing <[email protected]> wrote: > > > > > > > Tristam MacDonald wrote: > > > The only reason that the python documentation issues the following > > > warning: "/The pickle module is not intended to be secure against > > > erroneous or maliciously constructed data. Never unpickle data received > > > from an untrusted or unauthenticated source/", is that it is possible to > > > hand-craft a file that will crash the unpickle process. > > > No, it's somewhat worse than that: it's possible to construct > > a pickle that will call an arbitrary class or function in your > > application with arbitrary arguments. It's conceivable that a > > malicious opponent could use this to pwn your machine. > > > So you need to treat untrusted pickles with the same level of > > caution as untrusted executables. > > > -- > > Greg > > Greg, > > What do you use instead of pickle for saving and/or serializing game > state for later reuse? -- You received this message because you are subscribed to the Google Groups "pyglet-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pyglet-users?hl=en.
