http://www.python.org/doc/current/lib/pickle-sec.html talks about security issues with unpickling untrusted strings. It seems from my quick reading that you ought to be able to tell it never to unpickle class instances, and then it would be secure. Perhaps then you could add in hooks for the servlets to register particular classes that are known to be safe.
I think a discussion about this happened on comp.lang.python a while ago -- you could probably find it with Google.

--
- Geoff Talvola
[EMAIL PROTECTED]

_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
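
The approach suggested in the message above (refuse class instances unless a class has been registered as safe), sketched with the standard library's `pickle.Unpickler.find_class` hook. This is an added example, not part of the original message and not Webware code; `register_safe_class`, `restricted_loads`, `SessionData` and `Unregistered` are hypothetical names.

```python
import io
import pickle

# Hypothetical registry: (module, qualified name) pairs that servlets
# have explicitly declared safe to reconstruct.
_SAFE_CLASSES = set()


def register_safe_class(cls):
    """Hook a servlet would call to allow instances of cls to be unpickled."""
    _SAFE_CLASSES.add((cls.__module__, cls.__qualname__))
    return cls


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Every global a pickle stream references (a class or a function)
        # is resolved through this method. Plain data such as dicts, lists,
        # strings and numbers never reaches it.
        if (module, name) in _SAFE_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global {module}.{name} is not registered as safe"
        )


def restricted_loads(data):
    """Drop-in replacement for pickle.loads() that enforces the registry."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


@register_safe_class
class SessionData:
    """Constructed sample class standing in for a servlet's session object."""

    def __init__(self, user, visits):
        self.user = user
        self.visits = visits


class Unregistered:
    """Constructed sample class that no servlet has registered."""
```

Registering a class also trusts whatever that class's `__setstate__` or `__reduce__` does with attacker-supplied state, so the registry is only as safe as the classes placed on it.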
