Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Re: JSON logging ?

Reply
Thread Tools

Re: JSON logging ?

 
 
Chris Rebert
Guest
Posts: n/a
 
      12-12-2012
On Dec 11, 2012 7:33 AM, "Bart Thate" <(E-Mail Removed)> wrote:
<snip>
> pickle uses eval still ? or is is considered safe now ? i was told not to

use eval() stuff on data.

I don't believe pickle uses eval() per se, but per the red warning box in
its docs, it's still not safe when given untrusted input. IIRC, among other
things, in order to unpickle non-built-in classes, it is capable of
performing imports; this feature is rife for abuse by an adversary.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Lib to generate XML/JSON[P] output from a DTD/XSD/JSON Schema/etc Acácio Centeno Python 1 02-15-2013 07:34 AM
I am facing an issue while decoding json string using json.loads sajuptpm Python 2 12-28-2012 07:16 AM
JSON logging ? Bart Thate Python 0 12-11-2012 03:32 PM
[ANN] Security Fix json-1.1.7 for json_pure and json gems Florian Frank Ruby 0 06-30-2009 05:18 PM
"JSON for ASP" at json.org Tuğrul Topuz ASP General 1 06-27-2008 11:37 PM



Advertisments