On Fri, Nov 5, 2010 at 10:56 AM, Steven D'Aprano wrote:
> Nick Coghlan wrote:
>
>> As a tool for communicating between different instances of the *same*
>> version of Python though, pickle is fine.
>
> I'm using pickle to pass a list and dict of floats and strings from Python
> 2.6 to 3.1. I've ne
On Friday, November 5, 2010, wrote:
> On 12:21 am, m...@gsites.de wrote:
>
> On 04.11.2010 17:15, anatoly techtonik wrote:
>> pickle is insecure, marshal too.
>
> If the transport or storage layer is not safe, you should cryptographically
> sign the data anyway::
>
> def pickle_encode(data
On 12:21 am, m...@gsites.de wrote:
On 04.11.2010 17:15, anatoly techtonik wrote:
> pickle is insecure, marshal too.
If the transport or storage layer is not safe, you should
cryptographically sign the data anyway::
    def pickle_encode(data, key):
        msg = base64.b64encode(pickle.dump
On 04/11/10 15:57, Alexander Belopolsky wrote:
> On Thu, Nov 4, 2010 at 10:51 AM, Guido van Rossum wrote:
> ..
Twisted actually tried to preserve pickle compatibility in the bad old days,
but it was impossible. Pickles should never re
Nick Coghlan wrote:
As a tool for communicating between different instances of the *same*
version of Python though, pickle is fine.
I'm using pickle to pass a list and dict of floats and strings from
Python 2.6 to 3.1. I've never had any problems with it. Am I living in a
state of sin or is
On 04.11.2010 17:15, anatoly techtonik wrote:
> pickle is insecure, marshal too.
If the transport or storage layer is not safe, you should
cryptographically sign the data anyway::
    def pickle_encode(data, key):
        msg = base64.b64encode(pickle.dumps(data, -1))
        sig = base64.b6
On Thu, Nov 4, 2010 at 1:25 PM, Glyph Lefkowitz wrote:
> On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote:
>
> What's the attack you're thinking of on marshal? It never executes any
> code while unmarshalling (although it can unmarshal code objects --
> but the receiving program has to do somet
On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote:
> What's the attack you're thinking of on marshal? It never executes any
> code while unmarshalling (although it can unmarshal code objects --
> but the receiving program has to do something additionally to execute
> those).
These issues may h
On Thu, Nov 4, 2010 at 9:15 AM, anatoly techtonik wrote:
> pickle is insecure, marshal too.
What's the attack you're thinking of on marshal? It never executes any
code while unmarshalling (although it can unmarshal code objects --
but the receiving program has to do something additionally to exec
On Thu, Nov 4, 2010 at 3:38 PM, Nick Coghlan wrote:
> On Thu, Nov 4, 2010 at 4:28 PM, anatoly techtonik wrote:
>> On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz
>> wrote:
>>>
>>> This is the strongest reason why I recommend to everyone I know that they
>>> not use pickle for storage they'd lik
On Thu, Nov 4, 2010 at 10:51 AM, Guido van Rossum wrote:
..
>>> Twisted actually tried to preserve pickle compatibility in the bad old days,
>>> but it was impossible. Pickles should never really be saved to disk unless
>>> they contain nothing but lists, ints, strings, and dicts.
>
> But *that*
> On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz
> wrote:
>> This is the strongest reason why I recommend to everyone I know that they
>> not use pickle for storage they'd like to keep working after upgrades [not
>> just of stdlib, but other 3rd party software or their own software]. :)
>>
>> +1
On Thu, Nov 4, 2010 at 4:28 PM, anatoly techtonik wrote:
> On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz
> wrote:
>>
>> This is the strongest reason why I recommend to everyone I know that they
>> not use pickle for storage they'd like to keep working after upgrades [not
>> just of stdlib, but
On 06:28 am, techto...@gmail.com wrote:
On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz
wrote:
This is the strongest reason why I recommend to everyone I know that they
not use pickle for storage they'd like to keep working after upgrades [not
just of stdlib, but other 3rd party software or
On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz wrote:
>
> This is the strongest reason why I recommend to everyone I know that they
> not use pickle for storage they'd like to keep working after upgrades [not
> just of stdlib, but other 3rd party software or their own software]. :)
>
> +1.
> Twis