On Wed, 15 Jul 2020 09:45:06 +1000 Steven D'Aprano <st...@pearwood.info> wrote: > > And that's the risk: can I guarantee that there is no clever scheme by > which an attacker can fool me into unpickling malicious code? I need to > be smarter than the attacker, and more imaginative, and to have thought > as long and hard about the problem as they have.
A rather straightforward way to guarantee it would be to sign pickles cryptographically. Of course, the private signing key should not be compromised :-) Regards Antoine. _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/DQ6XBCB3LAAMTPWMQFUBSMNPJVS3UNEL/ Code of Conduct: http://python.org/psf/codeofconduct/