On Fri, 20 Jul 2007 09:32:17 +0200, Hendrik van Rooyen <[EMAIL PROTECTED]> wrote: > Walker Lindley wrote: > >>Right, I could use Pyro, but I don't need RPC, I just wanted an easy way to >send objects across the network. I'm sure >both Pyro and Yami can do that and I >may end up using one of them. For the initial version pickle will work because >we >have the networking issues figured out with it, just not the security >problem. So we may end up just sending strings back >and forth that will let us >fill out an object's member variables on the other end. It's much less cool, >but >it seems like it'd >be more secure. >> > >This passing of a pickled structure is so handy for simple things like lists of >parameters, and so on, that I wonder if it would not be worth while to somehow >beef up the security of the pickle stuff. > >One heretical way I can think of would involve strict "typing" at the receiving >end - if you expect say a dict, then you should somehow specify that anything >else should fail... > >as dict my_received_dict = cpickle.loads(data_from_network) > >or, better without a new "as" keyword: > >my_received_dict=cpickle.loads(data_from_network,type=dict) > >Is this at all feasible?
No. You could write a replacement for pickle, though. Oh, wait... Jean-Paul -- http://mail.python.org/mailman/listinfo/python-list
