Irmen de Jong a écrit :
Pickle and marshal are not safe. They can do harmful things if fed maliciously constructed data. That is a pity, because marshal is fast. I need a fast and safe (secure) marshaler. Is xdrlib the only option? I would expect that it is fast and safe because it (the xdr spec) has been around for so long.
Or are there better options (perhaps 3rd party libraries)?
Thanks
Irmen.
What exactly do you mean by "safe" ? Do you want to ensure your objects cannot receive corrupted data ? Do you want to ensure no code will be evaluated during the unmarshalling ?
"safe (secure)"
But to be more precise, let's look at the security warning that
is in the marshal documentation:
"The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source."
So essentially I want the opposite of that ;-)
I want a marshalar that is okay to use where the data it processes comes from unknown, external sources (untrusted). It should not crash on corrupt data and it should not execute arbitrary code when unmarshaling, so that it is safe against hacking attempts.
Oh, preferrably, it should be fast :) Some XML-ish thing may be secure but is likely to be not fast at all.
Ideally it should be able to transfer user defined Python types, but if it is like marshal (can only marshal builtin types) that's okay too.
--Irmen -- http://mail.python.org/mailman/listinfo/python-list
