On Tue, Mar 27, 2012 at 5:59 PM, Evan Driscoll <drisc...@cs.wisc.edu> wrote:
>> The use of eval is dangerous if you are not *completely* sure what is
>> being passed in. Try using pickle instead:
>> http://docs.python.org/release/2.5.2/lib/pickle-example.html
>
>
> Um, at least by my understanding, the use of Pickle is also dangerous if you
> are not completely sure what is being passed in:
Oh goodness yes. pickle is exactly as unsafe as eval is. Try running this code:

from pickle import loads
# Python 2: this pickle resolves __builtin__.eval and __builtin__.raw_input as
# globals and calls eval(raw_input('py>')) while it is being loaded.
loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py>'\ntRtR.")

-- 
Devin
-- 
http://mail.python.org/mailman/listinfo/python-list
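The point Devin makes above is that a pickle is not data but a small program: it names a callable and the arguments to hand it, and pickle.loads invokes that callable. The following is an added example, not code from the thread, written for Python 3. It builds a malicious pickle the way an attacker would, via __reduce__, then shows the standard mitigation from the Python docs: an Unpickler subclass whose find_class only resolves an allow-list of globals. The class and function names (Payload, record, RestrictedUnpickler, ALLOWED_GLOBALS, demo) and the allow-list contents are my own choices; the "command" is recorded in a list instead of being executed so the example runs offline without side effects.

```python
import collections
import io
import pickle

# Constructed stand-in for a dangerous callable such as os.system or eval:
# instead of running anything it records what it was asked to run.
EXECUTED = []


def record(cmd):
    EXECUTED.append(cmd)
    return 0


class Payload:
    """Object that serialises as 'call record("id")' rather than as fields.

    __reduce__ lets a class pick the callable pickle will invoke on load;
    a real attack returns (os.system, ("...",)) or (builtins.eval, ("...",)).
    """

    def __reduce__(self):
        return (record, ("id",))


def build_malicious_pickle():
    # Exactly what an attacker hands to a service that calls pickle.loads().
    return pickle.dumps(Payload())


# Defender side. pickle asks Unpickler.find_class() to resolve every global
# named in the stream (the 'c' / STACK_GLOBAL opcodes in Devin's payload).
# Refusing anything outside a fixed allow-list blocks the call before it
# happens. The allow-list below is an assumption for this example.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_allowed():
    # Builtin containers need no globals; OrderedDict needs the one we allow.
    plain = restricted_loads(pickle.dumps({"a": [1, 2]}))
    ordered = restricted_loads(pickle.dumps(collections.OrderedDict(x=1, y=2)))
    return plain, ordered


def demo():
    blob = build_malicious_pickle()

    EXECUTED.clear()
    pickle.loads(blob)          # unsafe: record("id") runs during unpickling
    ran_unsafely = list(EXECUTED)

    EXECUTED.clear()
    try:
        restricted_loads(blob)  # safe: find_class refuses the global
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return ran_unsafely, blocked, list(EXECUTED)


if __name__ == "__main__":
    print(demo())
    print(roundtrip_allowed())
```

The allow-list approach only narrows what the stream can call; it does nothing about denial of service from a crafted stream, and any allowed callable with side effects is still reachable. For untrusted input the real fix is still the one Evan and Devin circle around: do not unpickle it at all, and use a data-only format such as JSON.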