Re: JSON logging ?

Discussion in 'Python' started by Chris Rebert, Dec 12, 2012.

  1. Chris Rebert

    Chris Rebert Guest

    On Dec 11, 2012 7:33 AM, "Bart Thate" <> wrote:
    <snip>
    > pickle uses eval still ? or is is considered safe now ? i was told not to

    use eval() stuff on data.

    I don't believe pickle uses eval() per se, but per the red warning box in
    its docs, it's still not safe when given untrusted input. IIRC, among other
    things, in order to unpickle non-built-in classes, it is capable of
    performing imports; this feature is rife for abuse by an adversary.
    Chris Rebert, Dec 12, 2012
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Florian Frank
    Replies:
    0
    Views:
    237
    Florian Frank
    Jun 30, 2009
  2. sajuptpm
    Replies:
    2
    Views:
    323
    sajuptpm
    Dec 28, 2012
  3. Acácio Centeno
    Replies:
    1
    Views:
    248
    dieter
    Feb 15, 2013
  4. Bryan Britten
    Replies:
    9
    Views:
    259
    Bryan Britten
    May 28, 2013
  5. David Karr
    Replies:
    1
    Views:
    162
    David Karr
    Jun 17, 2013
Loading...

Share This Page