On Mon, 21 Jun 2010 09:01:12 am Modulok wrote: > List, > > What's the best format to send data across the wire between > processes?
Consider json or yaml. json comes in the standard library, at least in version 2.6; yaml does not. I don't know if they are secure, but it's worth checking. If your data consists of key:value pairs (which apparently it does), also consider the plistlib module. > I have some simple 'insensitive' data I need to send from a client, > to a server via a TCP socket. Things like 'count = 10, name="foo"' > and so forth. Basic values. I would use something like the 'pickle' > module to pack them up send as encoded strings, which would then be > loaded on the server. It'd be nice, but the server has no > authentication. Therefore: > > "Warning The pickle module is not intended to be secure against > erroneous or maliciously constructed data. Never unpickle data > received from an untrusted or unauthenticated source." What's your threat model? Malicious sys admin on the remote client? CIA listening in? Business competitor injecting erroneous data? Receiving data from random places on the Internet? You control both machines, right next to each other in the same locked server room guarded by crocodiles, and you have the only key? Depending on how serious your threat model is, the right solution might be to insist on authentication on both machines and use SSH between the two. -- Steven D'Aprano _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
