⇤ ← Revision 1 as of 2012-05-11 17:50:30
Deletions are marked like this. | Additions are marked like this. |
Line 9: | Line 9: |
* It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.") | * It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: `pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")` |
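Review bot: the example in the "It is insecure" bullet on line 9 refers to `__builtin__` and `raw_input`, which exist under those names only in Python 2, and the bullet does not say so. Add a short note next to the example that it is written for Python 2, so readers on other versions do not conclude from a failed import that the warning no longer applies.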
Line 11: | Line 11: |
* It is Python-only: pickles cannot be loaded in any other programming language / environment. | * It is Python-only: pickles cannot be loaded in any other programming language / environment. |
Line 13: | Line 13: |
* It is schemaless (may be seen as a benefit sometimes) | * It is schemaless (may be seen as a benefit sometimes) |
What is Pickle?
http://docs.python.org/library/pickle.html
Should I use Pickle?
Of course not.
- It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: `pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")`
- It is Python-only: pickles cannot be loaded in any other programming language / environment.
- It is schemaless (may be seen as a benefit sometimes)
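
The insecurity point above can be checked without ever loading the pickle. The following Python 3 sketch is an added example, not part of the original page: it parses the page's payload with `pickletools` to show which names it imports and calls, then rejects it with an allow-list unpickler. The names `scan`, `safe_loads`, `AllowListUnpickler` and the contents of `ALLOWED` are assumptions made for illustration.

```python
import io
import pickle
import pickletools

# The payload quoted on this page (protocol 0, Python 2 names). It is only
# inspected and rejected below, never handed to pickle.loads.
PAGE_PAYLOAD = b"c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR."

# Opcodes that import a name, and opcodes that call or build an object.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# Assumption: the only non-primitive type this application expects.
ALLOWED = {("collections", "OrderedDict")}


def scan(data):
    """List imported names and call opcodes by parsing, without unpickling."""
    imports, calls = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in IMPORT_OPS:
            # GLOBAL/INST carry "module name"; STACK_GLOBAL reads the stack.
            imports.append(arg.replace(" ", ".") if arg else "<from stack>")
        if op.name in CALL_OPS:
            calls.append(op.name)
    return imports, calls


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allowed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"forbidden global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    return AllowListUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(scan(PAGE_PAYLOAD))
    try:
        safe_loads(PAGE_PAYLOAD)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```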