Steven D'Aprano <st...@remove-this-cybersource.com.au> writes:

> However, be aware that neither marshal nor pickle guarantees to be safe
> against malicious data either. The docs for both warn against using them
> on untrusted data. YAML or JSON *might* be safer, I haven't looked.

Regarding malicious data, from the Loading YAML section of PyYAML:

  Warning: It is not safe to call yaml.load with any data received from
  an untrusted source! yaml.load is as powerful as pickle.load and so
  may call any Python function. Check the yaml.safe_load function
  though.

http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML

yaml.safe_load however, limits to simple Python objects and Python
objects you mark as safe.

-- 
John Bokma                                                    j3b
Hacking & Hiking in Mexico - http://johnbokma.com/
http://castleamber.com/ - Perl & Python Development

-- 
http://mail.python.org/mailman/listinfo/python-list
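
Added example (not part of the original post, and not PyYAML's own code): yaml.safe_load accepting plain data and a class explicitly marked safe, while rejecting Python-specific and unregistered tags. It assumes PyYAML is installed; Point, load_untrusted and the sample documents are constructed for illustration.

```python
import yaml  # PyYAML, third-party (assumed installed)


class Point(yaml.YAMLObject):
    """Constructed example class, explicitly marked safe for yaml.safe_load."""
    yaml_loader = yaml.SafeLoader  # register the tag with the safe loader only
    yaml_tag = "!Point"

    def __init__(self, x, y):
        self.x, self.y = x, y


def load_untrusted(text):
    """Parse untrusted YAML with safe_load.

    Returns (data, None) on success or (None, error_class_name) on rejection.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:
        # ConstructorError (unknown or Python-specific tag) and syntax
        # errors are all subclasses of YAMLError.
        return None, type(exc).__name__


# Constructed sample documents.
PLAIN = "name: example\nports: [80, 443]\n"
MARKED_SAFE = "!Point {x: 1, y: 2}\n"
# A Python-specific tag asking the loader to call a function; time.time is a
# harmless stand-in. safe_load has no constructor for it and refuses.
PYTHON_TAG = "!!python/object/apply:time.time []\n"
# A custom tag that no class has registered with SafeLoader.
UNREGISTERED = "!Unknown {a: 1}\n"

if __name__ == "__main__":
    samples = [("plain", PLAIN), ("marked safe", MARKED_SAFE),
               ("python tag", PYTHON_TAG), ("unregistered", UNREGISTERED)]
    for label, doc in samples:
        data, err = load_untrusted(doc)
        print(f"{label:13} -> {'rejected: ' + err if err else repr(data)}")
```

Even for a class marked safe, safe_load fills the instance's attributes from the document without calling __init__, so values still need validating before use.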