Re: dict->XML->dict? Or, passing small hashes through text?

Skip Montanaro

mack> Another concern with pickle is that (I think?) I can recall
mack> reading about how it is bad to blindly unpickle things that come
mack> in from an untrusted source, and that makes sense, as even
mack> accessing attributes could run arbitrary code, which
mack> seems.. bad.

That's a problem with any serialization format. If you do something like
the equivalent of

cmd = raw_input("Enter a Unix command: ")

you're asking for trouble.

Ignoring that extreme case, pickle has the added problem that you can
execute an arbitrary amount of Python code instantiating previously pickled
objects. If you stick to the usual suspects (int, string, float, long, bool,
list, tuple, dict), you're generally going to be okay. Those are, not too
surprisingly, the types which interoperate the best anyway. I think you can
subclass the pickle.Unpickler class and force a restriction on the types of
objects it will unpickle.
