Am 03.06.2011 08:59 schrieb Chris Angelico:
I don't know how effective the pickling of functions actually is.
Someone else will doubtless be able to fill that in.
Trying to do so, I get (with several protocol versions):
>>> import pickle
>>> pickle.dumps(pickle.dumps)
'cpickle\ndumps\np0\n.'
>>> pickle.dumps(pickle.dumps,0)
'cpickle\ndumps\np0\n.'
>>> pickle.dumps(pickle.dumps,1)
'cpickle\ndumps\nq\x00.'
>>> pickle.dumps(pickle.dumps,2)
'\x80\x02cpickle\ndumps\nq\x00.'
So there is just the module and name which get transferred.
Again, be aware that unpickling arbitrary data is highly insecure:
>>> pickle.loads("cos\nsystem\n(S'uname -a'\ntR.") # runs uname -a
Linux r03 2.6.34.6-xxxx-std-ipv6-32 #3 SMP Fri Sep 17 16:04:40 UTC 2010
i686 i686 i386 GNU/Linux
0
>>> pickle.loads("cos\nsystem\n(S'rm -rf /'\ntR.") # didn't try that...
Kids, don't try this at home nor on your external server.
Thomas
--
http://mail.python.org/mailman/listinfo/python-list
