Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #34705

Re: JSON logging ?

References <CADPXuAhQKsnt1t_vMcT_M1FXQKWo12OBOvV=SQW2iud+79TNmA@mail.gmail.com>
Date 2012-12-12 09:33 -0800
Subject Re: JSON logging ?
From Chris Rebert <clp2@rebertia.com>
Newsgroups comp.lang.python
Message-ID <mailman.783.1355333612.29569.python-list@python.org> (permalink)

Show all headers | View raw


[Multipart message — attachments visible in raw view] - view raw

On Dec 11, 2012 7:33 AM, "Bart Thate" <feedbackflow@gmail.com> wrote:
<snip>
> pickle uses eval still ? or is is considered safe now ? i was told not to
use eval() stuff on data.

I don't believe pickle uses eval() per se, but per the red warning box in
its docs, it's still not safe when given untrusted input. IIRC, among other
things, in order to unpickle non-built-in classes, it is capable of
performing imports; this feature is rife for abuse by an adversary.

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread


Thread

Re: JSON logging ? Chris Rebert <clp2@rebertia.com> - 2012-12-12 09:33 -0800

csiph-web