On Fri, Jun 10, 2011 at 11:47:23AM +0200, Rene Nussbaumer wrote: > On Fri, Jun 10, 2011 at 10:46 AM, Iustin Pop <[email protected]> wrote: > > On Wed, Jun 08, 2011 at 11:00:32AM +0200, René Nussbaumer wrote: > >> + """ > >> + return (self.mc.add(key, value, time=ttl) or > >> + self.mc.replace(key, value, time=ttl)) > > > > This does not make any mention of how/if the values are serialized. What > > is happening here? > > The module memcache uses Pickler to do serialization and > deserialization. So you want to have that documented in the docstring?
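Review bot: the return line stores the value with add() and falls back to replace(), which is two separate requests; if the key expires or is deleted between a failed add() and the replace(), both return false and nothing is cached. The memcache client's set(key, value, time=ttl) stores unconditionally in one call and would express the intent directly. The docstring that closes just above should also say that values are pickled by the memcache module, since that decides what is safe to read back from a shared cache.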
Hmm. So each cache backend will have to do its own serialisation? I was rather thinking that we control the serialisation in the generic cache layer, and just send string key/vals to the cache backends.

In this particular case, this is not good. It is known that pickle has potential security issues and one should not blindly unpickle untrusted data; since memcache has no (AFAIK) ACLs, it means that any unprivileged process on the machine could potentially hijack our stuff.

Do I misunderstand the operation model?

thanks,
iustin
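A sketch of the design suggested in this message, added here as an example and not code from the patch or from the project: the generic layer serialises to a JSON string and the backend only ever sees strings, so nothing read back is unpickled. The class names, the DictBackend stand-in for memcache and the HMAC tag (which goes beyond the message and assumes a secret readable only by the cache's owner) are assumptions.

```python
import hashlib
import hmac
import json


class DictBackend:
    """Constructed stand-in for a memcache-like backend: strings in, strings out."""

    def __init__(self):
        self.data = {}

    def store(self, key, value, ttl=0):
        self.data[key] = value  # ttl is ignored by this in-memory stand-in
        return True

    def get(self, key):
        return self.data.get(key)


class GenericCache:
    """Hypothetical generic layer that owns serialisation for every backend."""

    def __init__(self, backend, secret):
        self.backend = backend
        self.secret = secret  # bytes; assumed unreadable by other local users

    def _tag(self, key, payload):
        # Bind the tag to the key so a valid entry cannot be copied to another key.
        msg = "%d:%s:%s" % (len(key), key, payload)
        raw = msg.encode("utf-8", "surrogatepass")
        return hmac.new(self.secret, raw, hashlib.sha256).hexdigest()

    def store(self, key, value, ttl=0):
        payload = json.dumps(value, sort_keys=True)
        return self.backend.store(key, self._tag(key, payload) + payload, ttl)

    def get(self, key):
        raw = self.backend.get(key)
        if not isinstance(raw, str) or len(raw) < 64:
            return None
        tag, payload = raw[:64], raw[64:]
        expected = self._tag(key, payload).encode("ascii")
        if not hmac.compare_digest(tag.encode("utf-8", "surrogatepass"), expected):
            return None  # entry written or altered by someone else: treat as a miss
        return json.loads(payload)
```

An entry that fails the tag check is reported as a cache miss, so the caller falls back to recomputing the value instead of trusting data another process put in the cache.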
