Message112476
On Mon, Aug 2, 2010 at 10:11 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
..
> Hmm, I just tried the code and it seems that you're right:
>
> The pickle string does not contain a reference to class x,
> but only the name of the function to call. Wow, that's a huge
> hole in Python's pickle system...
That's why we have a big red
"""
Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source.
"""
in the docs. |
|
Date |
User |
Action |
Args |
2010-08-02 14:13:56 | belopolsky | set | recipients:
+ belopolsky, lemburg, exarkun, pitrou, alexandre.vassalotti |
2010-08-02 14:13:55 | belopolsky | link | issue9276 messages |
2010-08-02 14:13:54 | belopolsky | create | |
|