Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #22259

Re: RE: Advise of programming one of my first programs

References <CAKhY55OL1qvq+kqbyKT8gEuFOK4BkgYGZkkyUVb84_H9VVEQhA@mail.gmail.com> <5B80DD153D7D744689F57F4FB69AF4740928C365@SCACMX008.exchad.jpmchase.net> <CAKhY55O9zE_jxF5PvzOF0DGifRT2gZLbRHiuQ_a1vA-aGGDb9g@mail.gmail.com> <5B80DD153D7D744689F57F4FB69AF4740928E137@SCACMX008.exchad.jpmchase.net> <4F72385E.8020804@cs.wisc.edu>
From Devin Jeanpierre <jeanpierreda@gmail.com>
Date 2012-03-27 20:26 -0400
Subject Re: RE: Advise of programming one of my first programs
Newsgroups comp.lang.python
Message-ID <mailman.1057.1332894426.3037.python-list@python.org> (permalink)

Show all headers | View raw

On Tue, Mar 27, 2012 at 5:59 PM, Evan Driscoll <driscoll@cs.wisc.edu> wrote:
>> The use of eval is dangerous if you are not *completely* sure what is
>> being passed in. Try using pickle instead:
>> http://docs.python.org/release/2.5.2/lib/pickle-example.html
>
>
> Um, at least by my understanding, the use of Pickle is also dangerous if you
> are not completely sure what is being passed in:

Oh goodness yes. pickle is exactly as unsafe as eval is. Try running this code:

from pickle import loads
loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py>'\ntRtR.")

-- Devin

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread

Thread

Re: RE: Advise of programming one of my first programs Devin Jeanpierre <jeanpierreda@gmail.com> - 2012-03-27 20:26 -0400

csiph-web