Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #34705 > unrolled thread

Re: JSON logging ?

Started byChris Rebert <clp2@rebertia.com>
First post2012-12-12 09:33 -0800
Last post2012-12-12 09:33 -0800
Articles 1 — 1 participant

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.


Contents

  Re: JSON logging ? Chris Rebert <clp2@rebertia.com> - 2012-12-12 09:33 -0800

#34705 — Re: JSON logging ?

FromChris Rebert <clp2@rebertia.com>
Date2012-12-12 09:33 -0800
SubjectRe: JSON logging ?
Message-ID<mailman.783.1355333612.29569.python-list@python.org>

[Multipart message — attachments visible in raw view] — view raw

On Dec 11, 2012 7:33 AM, "Bart Thate" <feedbackflow@gmail.com> wrote:
<snip>
> pickle uses eval still ? or is is considered safe now ? i was told not to
use eval() stuff on data.

I don't believe pickle uses eval() per se, but per the red warning box in
its docs, it's still not safe when given untrusted input. IIRC, among other
things, in order to unpickle non-built-in classes, it is capable of
performing imports; this feature is rife for abuse by an adversary.

[toc] | [standalone]


Back to top | Article view | comp.lang.python


csiph-web