On Wed, 10 Oct 2007 05:58:51 GMT, Alan Isaac <[EMAIL PROTECTED]> wrote:
>I am on a Windows box.
>
>I pickle a tuple of 2 simple objects with the pickle module.
>It pickles fine. It unpickles fine.
>
>I upload to a server.
>I try to unpickle from the URL. No luck. Try it:
>x1, x2 =
>pickle.load(urllib.urlopen('http://www.american.edu/econ/notes/hw/example1'))
>
>I change the filetype to unix. I upload again.
>I try to unpickle from the URL. Now it works. Try it:
>x1, x2 =
>pickle.load(urllib.urlopen('http://www.american.edu/econ/notes/hw/example2'))
>
>Why the difference?
You shouldn't unpickle things you get from the network, since pickle can
execute arbitrary code: http://jcalderone.livejournal.com/15864.html
Jean-Paul
--
http://mail.python.org/mailman/listinfo/python-list
