Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #34705
| References | <CADPXuAhQKsnt1t_vMcT_M1FXQKWo12OBOvV=SQW2iud+79TNmA@mail.gmail.com> |
|---|---|
| Date | 2012-12-12 09:33 -0800 |
| Subject | Re: JSON logging ? |
| From | Chris Rebert <clp2@rebertia.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.783.1355333612.29569.python-list@python.org> (permalink) |
[Multipart message — attachments visible in raw view] - view raw
On Dec 11, 2012 7:33 AM, "Bart Thate" <feedbackflow@gmail.com> wrote: <snip> > pickle uses eval still ? or is is considered safe now ? i was told not to use eval() stuff on data. I don't believe pickle uses eval() per se, but per the red warning box in its docs, it's still not safe when given untrusted input. IIRC, among other things, in order to unpickle non-built-in classes, it is capable of performing imports; this feature is rife for abuse by an adversary.
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: JSON logging ? Chris Rebert <clp2@rebertia.com> - 2012-12-12 09:33 -0800
csiph-web