Message196203
The Python tutorial tells, and even recommends, new users that they can use the pickle module to serialize arbitrary objects. However it does not provide any warning about the insecurity of unpickling arbtirary data. The text even goes so far as to mention sending pickled data over a network connection to other machines.
I believe this section should be replaced with using the json module instead of pickle. It is more standard and doesn't present the same security concerns with untrusted data as pickle does. However if it continues to recommend pickle to new users it should at least warn them of the dangers of using pickle.
The section in question is located at http://docs.python.org/3/tutorial/inputoutput.html#the-pickle-module |
|
Date |
User |
Action |
Args |
2013-08-26 12:37:59 | dstufft | set | recipients:
+ dstufft, docs@python |
2013-08-26 12:37:58 | dstufft | set | messageid: <1377520678.97.0.369666733509.issue18840@psf.upfronthosting.co.za> |
2013-08-26 12:37:58 | dstufft | link | issue18840 messages |
2013-08-26 12:37:58 | dstufft | create | |
|