[Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages) (original) (raw)
Guido van Rossum guido at python.org
Thu Nov 4 17:49:39 CET 2010
- Previous message: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)
- Next message: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Nov 4, 2010 at 9:15 AM, anatoly techtonik <techtonik at gmail.com> wrote:
pickle is insecure, marshal too.
What's the attack you're thinking of on marshal? It never executes any code while unmarshalling (although it can unmarshal code objects -- but the receiving program has to do something additionally to execute those).
What about JSON? IIUC you need a definition of a class to be able to unserialize it in all cases. I wonder how is this definition validated, i.e. what to watch for when modifying classes that can be serialized.
Security is all in the code used to deserialize. I haven't analyzed the json library that comes in the stdlib these days, but couldn't it in theory be as safe as XML? (Not that there haven't been any attacks on XML -- but they depended on bugs in the unmarshalling code, the format itself is not insecure.)
-- --Guido van Rossum (python.org/~guido)
- Previous message: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)
- Next message: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]