Hi, I'm looking for a way in unpickling, or equivalent, such that can only
unpickle (or is limited to) simple data structure, such as number, string,
list, tuples.
The doc I found http://www.python.org/doc/2.2.3/lib/pickle-sec.html was
helpful but still not very clear to me.
Thanks!
-Y 7 1477 Hi, I'm looking for a way in unpickling, or equivalent, such that can only unpickle (or is limited to) simple data structure, such as number, string, list, tuples.
The doc I found http://www.python.org/doc/2.2.3/lib/pickle-sec.html was helpful but still not very clear to me.
Thanks!
-Y
I'm using this module (based on the documentation you mentioned):
import cStringIO
import cPickle
def dumps(obj):
"""Dumps an object into a string.
@param obj: The object to dump. It should not be a user defined
object nor a global.
It should only contain built-in types. (Will not raise an
exception anyway.)
@return: The dumped object as a string.
"""
f = cStringIO.StringIO()
p = cPickle.Pickler(f,1)
p.dump(obj)
return f.getvalue()
def loads(s):
"""Loads an object from a string.
@param s: The string to load the object from.
@return: The object loaded from the string. This function will not
unpickle globals and instances.
"""
f = cStringIO.StringIO(s)
p = cPickle.Unpickler(f)
p.find_global = None
return p.load()
"Yun Mao" <ma**@cis.upenn.edu> writes: Hi, I'm looking for a way in unpickling, or equivalent, such that can only unpickle (or is limited to) simple data structure, such as number, string, list, tuples.
marshal
The docs have similar warnings, though.
What's are you trying to do?
I'm amazed that WAYTTD isn't a standard USENET acronym by now...
John
Gandalf <ga*****@geochemsource.com> writes:
[...] I'm using this module (based on the documentation you mentioned):
[...snip...]
What does this have to do with the question? He was worried about
security of pickle, not asking how to call dumps() and loads().
John
John J. Lee wrote: Gandalf <ga*****@geochemsource.com> writes: [...]
I'm using this module (based on the documentation you mentioned):
[...snip...]
What does this have to do with the question? He was worried about security of pickle, not asking how to call dumps() and loads().
Well, in that case, get my humble apologies. jj*@pobox.com (John J. Lee) writes: marshal
The docs have similar warnings, though.
Marshal has an additional problem, which is that the format can change
incompatibly between one Python version and another. So if you use
marshal for object persistence and upgrade your Python instance, you
can be screwed.
There is no clearly good solution to this issue. There are a couple
of bug entries in Sourceforge about it.
Gandalf <ga*****@geochemsource.com> writes: John J. Lee wrote:
Gandalf <ga*****@geochemsource.com> writes: [...]
I'm using this module (based on the documentation you mentioned): [...snip...]
What does this have to do with the question? He was worried about security of pickle, not asking how to call dumps() and loads(). Well, in that case, get my humble apologies.
It was an honest question (even though I didn't expect a useful answer
;-). I now see (thanks to Tim's post) you *did* have an answer in
there.
John
Paul Rubin <http://ph****@NOSPAM.invalid> writes: jj*@pobox.com (John J. Lee) writes: marshal
The docs have similar warnings, though.
Marshal has an additional problem, which is that the format can change incompatibly between one Python version and another.
Oh, and this: marshal.loads('x')
Segmentation fault
There's a patch from Armin that I'm supposed to be reviewing about
that...
I really wouldn't unmarshal input that could come from some random
source on the internet.
Cheers,
mwh
--
If design space weren't so vast, and the good solutions so small a
portion of it, programming would be a lot easier.
-- maney, comp.lang.python This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: debedb |
last post by:
Hi all,
I have a link, <A onClick="javascript:foo()">. The
foo() function does
w = window.open('', fieldid+'mywindow', prop);
w.document.open();
d = w.document;
And proceeds to write...
|
by: Seth |
last post by:
I have noticed that the id of my session object changes
when I switch from a non-secure to a secure connection.
What I'm trying to do:
I have a cookie that is built on the non-secure side of...
|
by: Joe |
last post by:
I have an application which runs in a non-secure environment. I also have an
application that runs in a secure environment (both on the same machine). Is
there any way to share the session data for...
|
by: Robert Seacord |
last post by:
The CERT/CC has just deployed a new web site dedicated to developing
secure coding standards for the C programming language, C++, and
eventually other programming language.
We have already...
| |
by: Ted Zeng |
last post by:
Hi,
I store some test results into a database after I use python
To pickle them (say, misfiles=)
Now I want to display the result on a web page which uses PHP.
How could the web page...
|
by: amitvps |
last post by:
Secure Socket Layer is very important and useful for any web application but it brings some problems too with itself. Handling navigation between secure and non-secure pages is one of the cumbersome...
|
by: Alan Isaac |
last post by:
I am on a Windows box.
I pickle a tuple of 2 simple objects with the pickle module.
It pickles fine. It unpickles fine.
I upload to a server.
I try to unpickle from the URL. No luck. Try...
|
by: Danny Shevitz |
last post by:
Howdy,
In my app I need to exec user text that defines a function. I want this
function to unpickle an object. Pickle breaks because it is looking for
the object definition that isn't in the...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |