Message6970
Logged In: YES
user_id=73023
It sounds like there are some documentation bugs:
- The security ramifications are not discussed, nor are the remedies.
- The cPickle module isn't documented very well. I submitted some documentation a long time ago that never got incorporated AFAIK. I wish I still had it. :)
- cPickle has a feature for turning off instance support and for restricting which classes can be unpickled. You can set the find_global attribute on a cPickle.Unpickler. The find_global attribute can be a function or None. If it is None, then no instances can be unpickled. If it is a function, then it should accept a module and name and return the corresponding global. It is responsible for looking up the global and can raise an error to prevent a global's use. See the ZEO storage server implementation for an example of using this hook.
Date | User | Action | Args
2007-08-23 13:56:49 | admin | link | issue471893 messages
2007-08-23 13:56:49 | admin | create |
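The hook described in the message above, as an added example that is not part of the original comment and is not code from Python or ZEO. It uses Python 3, where the counterpart of cPickle's find_global attribute is overriding pickle.Unpickler.find_class; the names RestrictedUnpickler, ALLOWED_GLOBALS, restricted_loads and is_refused are hypothetical, and the sample pickles are constructed.

```python
import datetime
import fractions
import io
import pickle

# Hypothetical allow-list for this example: (module, name) pairs.
ALLOWED_GLOBALS = {("datetime", "date")}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; refuse everything else."""

    def __init__(self, file, allowed=frozenset()):
        super().__init__(file)
        self._allowed = frozenset(allowed)

    def find_class(self, module, name):
        # Called for every global (class or function) the stream references.
        if (module, name) not in self._allowed:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def restricted_loads(data, allowed=frozenset()):
    """Unpickle bytes. The empty default plays the role of find_global = None:
    plain data loads, but no instances can be unpickled."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def is_refused(data, allowed=frozenset()):
    """Return True if the restricted unpickler rejects the stream."""
    try:
        restricted_loads(data, allowed)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs.
PLAIN = pickle.dumps({"user": "alice", "ids": [1, 2, 3]})
DATE = pickle.dumps(datetime.date(2007, 8, 23))
FRACTION = pickle.dumps(fractions.Fraction(1, 2))

if __name__ == "__main__":
    print(restricted_loads(PLAIN))                  # plain data, no globals
    print(restricted_loads(DATE, ALLOWED_GLOBALS))  # allow-listed class
    print(is_refused(DATE))                         # no-instances mode
    print(is_refused(FRACTION, ALLOWED_GLOBALS))    # class not on the list
```

The allow-list is checked before any lookup happens, so a refused global is never imported or resolved.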