Differences between revisions 1 and 2
Revision 1 as of 2012-05-11 17:50:30
Size: 476
Editor: whit179
Comment:
Revision 2 as of 2012-05-11 17:51:41
Size: 481
Editor: whit179
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
* It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")  * It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: `pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")`
Line 11: Line 11:
* It is Python-only: pickles cannot be loaded in any other programming language / environment.  * It is Python-only: pickles cannot be loaded in any other programming language / environment.
Line 13: Line 13:
* It is schemaless (may be seen as a benefit sometimes)  * It is schemaless (may be seen as a benefit sometimes)

What is Pickle?

http://docs.python.org/library/pickle.html

Should I use Pickle?

Of course not.

  • It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")

  • It is Python-only: pickles cannot be loaded in any other programming language / environment.
  • It is schemaless (may be seen as a benefit sometimes)

Pickle (last edited 2012-05-12 05:24:57 by whit179)

Unable to edit the page? See the FrontPage for instructions.