On Tue, Jun 29, 2010 at 6:15 PM, Vinay Sajip <vinay_sa...@yahoo.co.uk> wrote: > > I've updated the documentation of SocketHandler.makePickle to mention security > concerns, and that the method can be overridden to use a more secure > implementation (e.g. HMAC-signed pickles).
Thanks. But I doubt HMAC complication helps to protect logging server. If shared key is compromised -server becomes vulnerable. I would prefer approach when no code execution is possible. Some alternative serialization way for transmitting log data structures over network. Protocol buffers first come in mind, but they seem to be an overkill, and stdlib doesn't include any implementation. -- anatoly t. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
