Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
kAIST2012-03-28 07:38:59
Python
kAIST, 2012-03-28 07:38:59

Is python pickle safe?

There is some application that provides for the exchange of data between users, as well as uploading data to the site. The application is written in python, the data is serialized using cPickle.
Is this approach safe, and can an attacker put code there that will be executed? I feel with my heels that yes, but I can’t prove it)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
N
nuit, 2012-03-28
@nuit

docs.python.org/library/pickle.html
"Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source."

Report
N
northicewind, 2012-03-28
@northicewind

You can try Google protocol buffers , although the implementation in python is younger than in C ++, but it works very well.

Similar questions
A
andreystrelkov2014-05-05 18:30:31
How to change the keyboard language used on Android-e? 6Reply
A
AlexSer2019-09-10 08:44:27
How to organize version control? 2Reply
G
Guerro692020-06-22 22:57:17
How to play music using discord.py? 1Reply
A
alex-bul2020-06-23 05:35:42
How to edit website code with python? 2Reply
N
neizon2021-09-17 10:56:37
How to parse the site (train time) and make it activation by buttons in the VK bot? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question