Hi all, I'm currently working on a secure Pickle-like module, Cerealizer, http://home.gna.org/oomadness/en/cerealizer/index.html Cerealizer has a pickle-like interface (load, dump, __getstate__, __setstate__,...), however it requires to register the class you want to "cerealize", by calling cerealizer.register(YourClass). Cerealizer doesn't import other modules (contrary to pickle), and the only methods it may call are YourClass.__new__, YourClass.__getstate__ and YourClass.__setstate__ (Cerealizer keeps it own reference to these three method, so as YourCall.__setstate__ = cracked_method is harmless). Thus, as long as __new__, __getstate__ and __setstate__ are not dangerous, Cerealizer should be secure.
The performance are quite good and, with Psyco, it is about as fast as cPickle. However, Cerealizer is written in less than 300 lines of pure-Python code. I would appreciate any comments, especially if there are some security gurus here :-) Jiba -- http://mail.python.org/mailman/listinfo/python-list
