On Wed, 15 Jul 2020 09:45:06 +1000
Steven D'Aprano <[email protected]> wrote:
>
> And that's the risk: can I guarantee that there is no clever scheme by
> which an attacker can fool me into unpickling malicious code? I need to
> be smarter than the attacker, and more imaginative, and to have thought
> as long and hard about the problem as they have.

A rather straightforward way to guarantee it would be to sign pickles
cryptographically.  Of course, the private signing key should not be
compromised :-)

Regards

Antoine.
