[Keeping [EMAIL PROTECTED] in the loop for the archive]
On Fri, May 26, 2000 at 02:05:42PM +0100, Steve Alexander wrote:
> Martijn Pieters wrote:
> > On Fri, May 26, 2000 at 11:05:23AM +0100, Steve Alexander wrote:
> > > Here's a very silly idea:
> > >
> > > Could you pickle and Base64 encode the data you want to pass, and then
> > > shove it in a single hidden control?
> > I am afraid that is a very silly security hole. Anyone can replace that pickle
> > with any other pickle, which the server will then instanciate. Anything goes.
> I *knew* there was some reason it was silly as I was typing it :-)
> Shame there's no "safe pickle option" that allows only numbers, strings,
> lists, tuples and dictionaries.
There is actually. It's called marshal:
which supports just that list of types, plus code objects.
| Software Engineer mailto:[EMAIL PROTECTED]
| Digital Creations http://www.digicool.com/
| Creators of Zope http://www.zope.org/
| The Open Source Web Application Server
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -