Walker Lindley wrote:

>Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to send objects across the network. I'm sure
>both Pyro and Yami can do that and I may end up using one of them. For the initial version pickle will work because we
>have the networking issues figured out with it, just not the security problem. So we may end up just sending strings back
>and forth that will let us fill out an object's member variables on the other end. It's much less cool, but it seems like it'd
>be more secure.
>
This passing of a pickled structure is so handy for simple things like lists of parameters, and so on, that I wonder if it would not be worth while to somehow beef up the security of the pickle stuff.

One heretical way I can think of would involve strict "typing" at the receiving end - if you expect say a dict, then you should somehow specify that anything else should fail...

    as dict my_received_dict = cpickle.loads(data_from_network)

or, better without a new "as" keyword:

    my_received_dict=cpickle.loads(data_from_network,type=dict)

Is this at all feasible?

- Hendrik
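
An added example, not part of the original post: one way to get the "expect a dict, fail on anything else" behaviour asked about above, assuming Python 3's pickle module and its documented Unpickler.find_class hook rather than the type= argument proposed in the post, which does not exist. The names NoGlobalsUnpickler, loads_expecting and outcome are made up for this illustration, and the sample byte strings are constructed.

```python
import io
import pickle
from collections import OrderedDict


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class/function lookup."""

    def find_class(self, module, name):
        # Called whenever the stream asks for a global (class or function).
        # Refusing here means the stream can only build built-in containers
        # and scalars: dict, list, tuple, str, bytes, int, float, bool, None.
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_expecting(data, expected_type):
    """Unpickle without globals, then require the exact top-level type."""
    obj = NoGlobalsUnpickler(io.BytesIO(data)).load()
    if type(obj) is not expected_type:
        raise TypeError(
            f"expected {expected_type.__name__}, got {type(obj).__name__}")
    return obj


def outcome(data, expected_type):
    """Return 'ok' or the name of the exception raised (demo helper)."""
    try:
        loads_expecting(data, expected_type)
        return "ok"
    except (pickle.UnpicklingError, TypeError) as exc:
        return type(exc).__name__


# Constructed sample inputs standing in for data_from_network.
GOOD = pickle.dumps({"host": "example.invalid", "ports": [80, 443]})
WRONG_TYPE = pickle.dumps(["not", "a", "dict"])
NEEDS_GLOBAL = pickle.dumps(OrderedDict(a=1))  # dict subclass, needs a lookup
CALLABLE = pickle.dumps(print)                 # reference to a function

if __name__ == "__main__":
    for label, blob in [("GOOD", GOOD), ("WRONG_TYPE", WRONG_TYPE),
                        ("NEEDS_GLOBAL", NEEDS_GLOBAL), ("CALLABLE", CALLABLE)]:
        print(label, outcome(blob, dict))
```

The type check alone would not be enough, because a pickle stream can trigger a lookup and call before the top-level object is ever returned; it is the find_class refusal that carries the security weight. This does not bound the memory or CPU a hostile stream can consume.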