On Wed, Apr 20, 2011 at 4:44 PM, Bastian Ballmann <ba...@chaostal.de> wrote:
> Yes pickle is like eval, but that doesn't mean that one should never
> ever use it over a socket connection.
> What about ssl sockets where client and server authenticate each other?
> Or you encrypt the pickle dump with symmetric encryption and only load
> it if you can decrypt it? There are ways to ensure that the data you
> get can be handled as trusted.
No, I disagree. And I'll cite Caesary as evidence of why.

Caesary is a multiplayer game that uses Flash as its client. (I'm told the back end is Java, which would explain why it starts lagging horribly when everyone's online at once.) It has some measure of authentication of the client, but it's not difficult to spoof; obviously you could go more elaborate and harder to spoof, but that still doesn't solve the problem. Even public/private key systems won't work here; someone could get hold of your client and its private key, and poof.

Caesary uses an Adobe Message Format system, whereby complex objects get serialized and transmitted in both directions. It's fundamentally the same as pickling. When I started poking around with things, it took me very little time to start transmitting my own requests to the server; my requests were benign (asking it for information), but other people figured out the same thing and were rather less ethical.

That's why I tend to use and create much simpler protocols for network transmission. Also, I like to use a MUD client to test my servers, ergo textual protocols similar to SMTP. Sure, it may be a tad more verbose than some, but it's usually easy to parse and verify.

Chris Angelico
--
http://mail.python.org/mailman/listinfo/python-list
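The kind of "simpler protocol" the post argues for, as an added example that is not part of the thread: a line-oriented, SMTP-style command protocol whose parser only ever produces validated strings, so a client that controls the bytes on the wire can choose which command runs but cannot make the server instantiate arbitrary objects the way an unpickler would. The verbs (HELLO, GET, PUT, QUIT), the reply codes and the argument grammar are hypothetical choices made for this example; the session in the usage function is constructed input.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical wire format: one ASCII line per request, "VERB arg arg ...".
# Each verb has a fixed (min, max) argument count; anything else is rejected
# before it reaches any handler.
MAX_LINE = 512
COMMANDS: Dict[str, Tuple[int, int]] = {
    "HELLO": (1, 1),  # HELLO <name>
    "GET": (1, 1),    # GET <key>
    "PUT": (2, 2),    # PUT <key> <value>
    "QUIT": (0, 0),   # QUIT
}
# Arguments are plain tokens: no spaces, no control characters, bounded length.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


class ProtocolError(ValueError):
    """Raised for any line that does not match the grammar exactly."""


@dataclass(frozen=True)
class Request:
    verb: str
    args: Tuple[str, ...]


def parse_line(raw: bytes) -> Request:
    """Turn one raw line into a Request, or raise ProtocolError.

    The output contains only str values drawn from an allowlisted alphabet;
    there is no code path by which the peer's bytes become an object or a call.
    """
    if len(raw) > MAX_LINE:
        raise ProtocolError("line too long")
    try:
        line = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ProtocolError("non-ASCII byte in line")
    line = line.rstrip("\r\n")
    if any(ord(ch) < 0x20 for ch in line):
        raise ProtocolError("control character in line")
    parts = line.split(" ")
    verb = parts[0].upper()
    if verb not in COMMANDS:
        raise ProtocolError("unknown command")
    args = tuple(parts[1:])
    lo, hi = COMMANDS[verb]
    if not lo <= len(args) <= hi:
        raise ProtocolError("wrong argument count for " + verb)
    for arg in args:
        if not TOKEN_RE.match(arg):
            raise ProtocolError("bad argument")
    return Request(verb, args)


def handle(store: Dict[str, str], req: Request) -> str:
    """Dispatch a parsed request; handlers see only validated tokens."""
    if req.verb == "HELLO":
        return "250 hello " + req.args[0]
    if req.verb == "GET":
        value = store.get(req.args[0])
        return "250 " + value if value is not None else "404 no such key"
    if req.verb == "PUT":
        store[req.args[0]] = req.args[1]
        return "250 stored"
    return "221 bye"  # QUIT


def serve_session(lines: List[bytes], store: Optional[Dict[str, str]] = None) -> List[str]:
    """Run a whole session over an in-memory list of lines; returns the replies.

    Malformed lines get a 500 reply and the session continues, which is what
    a tester typing at the server from a MUD client would want to see.
    """
    store = {} if store is None else store
    replies: List[str] = []
    for raw in lines:
        try:
            req = parse_line(raw)
        except ProtocolError as exc:
            replies.append("500 " + str(exc))
            continue
        replies.append(handle(store, req))
        if req.verb == "QUIT":
            break
    return replies


def demo() -> List[str]:
    """Constructed session: well-formed commands mixed with lines a hostile
    client might send (an unknown verb, an extra argument, a control byte)."""
    session = [
        b"HELLO alice\r\n",
        b"PUT colour blue\n",
        b"GET colour\n",
        b"GET missing\n",
        b"EVAL 1+1\n",
        b"PUT k a b\n",
        b"GET k\x00ey\n",
        b"QUIT\n",
        b"GET colour\n",  # never reached: QUIT ends the session
    ]
    return serve_session(session)


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

Binding the parser to a real socket is a matter of feeding `serve_session` the lines from a `socket.makefile("rb")`; the point is that the only things crossing from the untrusted side into application code are short allowlisted tokens, which is what makes the protocol "easy to parse and verify" in the sense the post means.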