Python, pickling, events, and security
Robert Olson
olson at mcs.anl.gov
Fri Aug 1 12:25:57 CDT 2003
The following is in PEP 307:
We firmly believe that, on the Internet, it is better to know that
you are using an insecure protocol than to trust a protocol to be
secure whose implementation hasn't been thoroughly checked. Even
high quality implementations of widely used protocols are
routinely found flawed; Python's pickle implementation simply
cannot make such guarantees without a much larger time investment.
Therefore, as of Python 2.3, all safety checks on unpickling are
officially removed, and replaced with this warning:
*** Do not unpickle data received from an untrusted or
unauthenticated source ***
The same warning applies to previous Python versions, despite the
presence of safety checks there.
The current event services uses pickled python objects as the wire
protocol. The above warning makes me believe that we should look seriously
at replacing that, perhaps in the just-post-2.1 timeframe.
--bob
More information about the ag-dev
mailing list