On Nov 1, 12:04 am, Paul Rubin <http://[EMAIL PROTECTED]> wrote:
> Raymond Hettinger <[EMAIL PROTECTED]> writes:
> > ''' This is not a general "persistence" module. For general
> > persistence and transfer of Python objects through RPC calls, see
> > the modules :mod:`pickle` and :mod:`shelve`.
>
> That advice should be removed since Python currently does not have a
> general persistence or transfer module in its stdlib. There's been an
> open bug/RFE about it for something like 5 years. The issue is that
> any sensible general purpose RPC mechanism MUST make reasonable
> security assertions that nothing bad happens if you deserialize
> untrusted data. The pickle module doesn't make such guarantees and in
> fact its documentation explicitly warns against unpickling untrusted
> data. Therefore pickle should not be used as a general RPC
> mechanism.
This is absolutely correct. Marshal is more secure than pickle because marshal *cannot* execute code automatically whereas pickle does. The assertion that marshal is less secure than pickle is absurd. This is exactly why the gadfly server mode uses marshal and not pickle.

-- Aaron Watters

===
why do you hang out with that sadist?
beats me!
-- kliban

--
http://mail.python.org/mailman/listinfo/python-list
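The difference Aaron describes, as an added example that is not code from this thread or from gadfly: a constructed `Greeting` object whose pickle stream names a callable (`_record_call`, a stand-in that only records that it ran), so stock `pickle.loads` invokes it; the allow-listing `RestrictedUnpickler` pattern from the pickle documentation refuses the same stream, and `marshal` neither calls anything on load nor can serialise such an object at all. All names and the side-channel list `CALLS` are assumptions made for the demonstration.

```python
import io
import marshal
import pickle

CALLS = []  # constructed side-channel: records every call a deserializer triggers

def _record_call(tag):  # stands in for 'arbitrary code' that pickle resolves and calls on load
    CALLS.append(tag)
    return tag

class Greeting:  # innocent-looking object whose pickle stream tells the loader to run _record_call
    def __reduce__(self):
        return (_record_call, ("called during pickle.loads",))

def demo_payload():  # bytes a client might send to a server: the pickle of one Greeting
    return pickle.dumps(Greeting())

def unpickle_plain(data):
    """Stock pickle.loads honours REDUCE, so it runs whatever callable the stream names."""
    del CALLS[:]
    return pickle.loads(data), list(CALLS)

class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation from the pickle docs: resolve globals only from an allow-list."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}
    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def unpickle_restricted(data):
    """Returns ('rejected', reason) instead of running an unlisted callable."""
    del CALLS[:]
    try:
        return RestrictedUnpickler(io.BytesIO(data)).load(), list(CALLS)
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc)), list(CALLS)

def marshal_roundtrip(obj):
    """marshal knows only plain data and code objects: nothing is looked up or called."""
    del CALLS[:]
    return marshal.loads(marshal.dumps(obj)), list(CALLS)

def marshal_refuses(obj):
    """True when marshal cannot serialise obj at all: it has no __reduce__-style hook."""
    try:
        marshal.dumps(obj)
    except ValueError:
        return True
    return False
```

The restricted unpickler only makes the explicitly listed types loadable; it is the documented way to use pickle on data you do not fully trust, not a general fix.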