Hendrik van Rooyen wrote:
> "Steve Holden" <[EMAIL PROTECTED]> wrote:
>
>> I think someone has already pointed out netstrings, which will allow you
>> to send arbitrary strings over network connections deterministically.
>
> Yes, I brought it up.
>
>> I'm afraid for the rest it's just a matter of encoding your information
>> in a way that you can decode without allowing a malicious sender to
>> cause arbitrary code to be called.
>
> Yes - and in general you do this by having both the sender and the
> transmitter conform to some pre-agreed format - a netstring is one
> of the simplest of such things - another way is to "frame" records
> between some kind of delimiter and to "escape" the occurrences of the
> delimiter in the data. Another way is to use simple "self-defining fields"
> that work by giving fields a "tag" number from a list of pre-defined
> things, as well as a length, followed by the data - some financial
> protocols work as a variant of this concept, where the presence or
> absence of a bit signifies the presence or absence of a field in the record.
>
> The problem with all of these schemes is that they are all a PITA to
> implement, compared to the ease with which you can pickle and
> unpickle something like a simple dict of parameters.
>
> And if that is all you want to pass over to some remote thing, then
> having to download and import Pyro is an equal PITA and overkill.
> - It addresses a far more sophisticated problem than just getting
> some small things across the network.
>
> Now if Pyro were to make it into the standard library, it would be
> my method of choice for even this silly level of functionality,
> because I happen to think it rocks.
>
>> The issue with pickle is that it's way too general a mechanism to be
>> secure in open network applications, so a suggestion to beef up its
>> security was misguided. Trying to "beef up pickle's security" is like
>> trying to make a shotgun that can't kill anything.
>>
>
> Is it really that impossible to add something like a "noeval" flag, or to
> force it to only give you a string or a dict if you ask for one or the other,
> given that someone has already mentioned that the built-in types are
> decoded by separate routines?
>
> Or more generally - as it already has different protocols - to define a
> protocol that won't pass executable stuff over, or one that will only
> pass and accept the built-in types?
>
Yes.
regards
 Steve
-- 
Steve Holden       +1 571 484 6266   +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb     http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------
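An added worked example, not code from either poster: it puts together the two things discussed above, netstring framing for the transport and an unpickler that "will only accept the built-in types". The netstring part follows the format Hendrik describes (decimal length, ':', payload, ','). The "noeval" part is the hook the pickle docs describe under "Restricting Globals": subclassing pickle.Unpickler and overriding find_class, which is what every pickle opcode that names a class or function goes through. The MAX_NETSTRING_LEN cap, the CallsOnLoad class and the sample dict are constructed for the demo and are assumptions of this example, not anything from the thread.

```python
import io
import os
import pickle

# Cap on one frame; an assumed value for this example, not from the thread.
# Without a cap a sender can declare an enormous length and make the receiver
# buffer until it runs out of memory.
MAX_NETSTRING_LEN = 1_000_000
_MAX_DIGITS = len(str(MAX_NETSTRING_LEN))


class IncompleteRead(ValueError):
    """The buffer does not yet hold one whole netstring; read more first."""


def netstring_encode(payload):
    """Frame bytes as a netstring: "<decimal length>:<payload>,".
    The length prefix means the payload may contain any byte, including ':'
    and ',', with no escaping at all."""
    return b"%d:%s," % (len(payload), payload)


def netstring_decode(buf):
    """Parse one netstring from the front of buf.

    Returns (payload, remaining_bytes).  Raises IncompleteRead when more
    input is needed and ValueError when the framing is malformed.
    """
    colon = buf.find(b":", 0, _MAX_DIGITS + 1)
    if colon == -1:
        if len(buf) > _MAX_DIGITS:
            raise ValueError("length prefix too long or ':' missing")
        raise IncompleteRead()
    length_bytes = buf[:colon]
    # Strict: ASCII digits only, no leading zeros except a lone "0".
    if not length_bytes.isdigit() or (len(length_bytes) > 1 and length_bytes[:1] == b"0"):
        raise ValueError("bad length prefix %r" % length_bytes)
    length = int(length_bytes)
    if length > MAX_NETSTRING_LEN:
        raise ValueError("frame of %d bytes exceeds cap" % length)
    end = colon + 1 + length
    if len(buf) < end + 1:
        raise IncompleteRead()
    if buf[end:end + 1] != b",":
        raise ValueError("missing trailing ','")
    return buf[colon + 1:end], buf[end + 1:]


def classify_frame(buf):
    """Helper for a receive loop: 'ok', 'incomplete' or 'malformed'."""
    try:
        netstring_decode(buf)
        return "ok"
    except IncompleteRead:
        return "incomplete"
    except ValueError:
        return "malformed"


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup.  Pickles of plain built-in values (None,
    bool, int, float, str, bytes, tuple, list, dict) written with protocol 4
    never look up a global, so they load; anything that names a class or a
    function is rejected before it can be instantiated or called."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is not allowed" % (module, name))


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed for the demo: its pickle makes the receiver call
    os.getpid() while loading.  Harmless here, but the same mechanism
    reaches os.system just as easily."""

    def __reduce__(self):
        return (os.getpid, ())


def demo():
    """Send two frames over a simulated connection and receive them."""
    benign = {"op": "ping", "args": [1, 2, 3], "raw": b"\x00:,"}
    wire = netstring_encode(pickle.dumps(benign, protocol=4))
    wire += netstring_encode(pickle.dumps(CallsOnLoad(), protocol=4))

    first, wire = netstring_decode(wire)
    got_first = restricted_loads(first)           # plain dict: accepted

    second, wire = netstring_decode(wire)
    try:
        restricted_loads(second)
        verdict = "accepted"
    except pickle.UnpicklingError:
        verdict = "rejected"                      # names posix.getpid: refused

    # Plain pickle.loads runs the sender's callable without complaint.
    ran_code = pickle.loads(second) == os.getpid()
    return got_first, verdict, ran_code, wire


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want. Refusing globals stops the unpickler from calling anything, but it still executes whatever opcodes the sender chose, so keep the frame cap in front of it rather than relying on the unpickler alone. And the "only built-in types" property depends on the pickle protocol: older protocols serialise some built-ins (bytes, set) through a global lookup, which this unpickler would reject, so pin protocol 4 on both ends.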