[Python-Dev] new features for 2.3? (original) (raw)

Neil Schemenauer nas@python.ca
Tue, 7 Jan 2003 22:13:00 -0800

• Previous message: [Python-Dev] new features for 2.3?
• Next message: [Python-Dev] new features for 2.3?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Guido van Rossum wrote:

For untrusted situations, you should design a custom format that OBVIOUSLY cannot be used to hack into your system. XML sounds pretty good.

Ugh. XML is way to verbose and is slow to parse, IMHO. A limited subset of the pickle or marshal format would be pretty good.

No, for the same reasons as above. I don't think you can prove [pickle is] safe, so I don't think you should trust it.

What about a subset that only included int, float, string, unicode, dict, and tuple?

Making marshal safe would be much easier, as long as you don't use eval, exec or new.function() on the result.

The documentation for marshal says "details of the format are undocumented on purpose; it may change between Python versions". Maybe we need something like marshal that works on a limited set of types and has a stable format.

Neil

• Previous message: [Python-Dev] new features for 2.3?
• Next message: [Python-Dev] new features for 2.3?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]