Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-05 Thread Nick Coghlan
On Fri, Nov 5, 2010 at 10:56 AM, Steven D'Aprano st...@pearwood.info wrote: Nick Coghlan wrote: As a tool for communicating between different instances of the *same* version of Python though, pickle is fine. I'm using pickle to pass a list and dict of floats and strings from Python 2.6 to

[Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread anatoly techtonik
On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: This is the strongest reason why I recommend to everyone I know that they not use pickle for storage they'd like to keep working after upgrades [not just of stdlib, but other 3rd party software or their own

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread exarkun
On 06:28 am, techto...@gmail.com wrote: On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: This is the strongest reason why I recommend to everyone I know that they not use pickle for storage they'd like to keep working after upgrades [not just of stdlib, but

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Nick Coghlan
On Thu, Nov 4, 2010 at 4:28 PM, anatoly techtonik techto...@gmail.com wrote: On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: This is the strongest reason why I recommend to everyone I know that they not use pickle for storage they'd like to keep working after

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Guido van Rossum
On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: This is the strongest reason why I recommend to everyone I know that they not use pickle for storage they'd like to keep working after upgrades [not just of stdlib, but other 3rd party software or their own

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Alexander Belopolsky
On Thu, Nov 4, 2010 at 10:51 AM, Guido van Rossum gu...@python.org wrote: .. Twisted actually tried to preserve pickle compatibility in the bad old days, but it was impossible.  Pickles should never really be saved to disk unless they contain nothing but lists, ints, strings, and dicts. But

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread anatoly techtonik
On Thu, Nov 4, 2010 at 3:38 PM, Nick Coghlan ncogh...@gmail.com wrote: On Thu, Nov 4, 2010 at 4:28 PM, anatoly techtonik techto...@gmail.com wrote: On Wed, Nov 3, 2010 at 9:08 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: This is the strongest reason why I recommend to everyone I know

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Guido van Rossum
On Thu, Nov 4, 2010 at 9:15 AM, anatoly techtonik techto...@gmail.com wrote: pickle is insecure, marshal too. What's the attack you're thinking of on marshal? It never executes any code while unmarshalling (although it can unmarshal code objects -- but the receiving program has to do something

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Glyph Lefkowitz
On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote: What's the attack you're thinking of on marshal? It never executes any code while unmarshalling (although it can unmarshal code objects -- but the receiving program has to do something additionally to execute those). These issues may have

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Guido van Rossum
On Thu, Nov 4, 2010 at 1:25 PM, Glyph Lefkowitz gl...@twistedmatrix.com wrote: On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote: What's the attack you're thinking of on marshal? It never executes any code while unmarshalling (although it can unmarshal code objects -- but the receiving

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Marcel Hellkamp
On 04.11.2010 17:15, anatoly techtonik wrote: pickle is insecure, marshal too. If the transport or storage layer is not safe, you should cryptographically sign the data anyway:: def pickle_encode(data, key): msg = base64.b64encode(pickle.dumps(data, -1)) sig =

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Steven D'Aprano
Nick Coghlan wrote: As a tool for communicating between different instances of the *same* version of Python though, pickle is fine. I'm using pickle to pass a list and dict of floats and strings from Python 2.6 to 3.1. I've never had any problems with it. Am I living in a state of sin or is

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Jesus Cea
On 04/11/10 15:57, Alexander Belopolsky wrote: On Thu, Nov 4, 2010 at 10:51 AM, Guido van Rossum gu...@python.org wrote: .. Twisted actually tried to preserve pickle compatibility in the bad old days, but it was impossible. Pickles should never

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread exarkun
On 12:21 am, m...@gsites.de wrote: On 04.11.2010 17:15, anatoly techtonik wrote: pickle is insecure, marshal too. If the transport or storage layer is not safe, you should cryptographically sign the data anyway:: def pickle_encode(data, key): msg =

Re: [Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)

2010-11-04 Thread Bob Ippolito
On Friday, November 5, 2010, exar...@twistedmatrix.com wrote: On 12:21 am, m...@gsites.de wrote: On 04.11.2010 17:15, anatoly techtonik wrote: pickle is insecure, marshal too. If the transport or storage layer is not safe, you should cryptographically sign the data anyway:: def