On Mon, Jul 15, 2013 at 10:45 PM, Dave Angel <da...@davea.name> wrote:
> On 07/15/2013 08:30 AM, Chris Angelico wrote:
>>
>> On Mon, Jul 15, 2013 at 10:26 PM, Jean-Michel Pichavant
>> <jeanmic...@sequans.com> wrote:
>>>
>>> Basically, I need to transfer numbers (int). Possibly dictionaries like
>>> {string: int} in order to structure things a little bit.
>>
>>
>> I strongly recommend JSON, then. It's a well-known system, it's
>> compact, it's secure, and Python comes with a json module.
>>
>
> And presumably has been tested against injection attacks (implied by your
> use of 'secure.')

Talking about the json module? I would expect it has, given that JSON
is frequently used in untrusted contexts (unlike, for instance,
pickle, which is specifically *not* for untrusted data). But even if
it has some sort of exploit, that would be a bug to be fixed in the
library; it would be an issue that affects many other users, and
someone will likely report it and get it fixed in the next point
release.

But what I meant was that the protocol itself is designed with
security restrictions in mind. It's designed not to fetch additional
content from the network (as XML can), nor to retrieve named objects
from the environment (as pickle can), etc, etc. That doesn't mean it's
perfect, but it's a lot easier to make a secure protocol based on JSON
than one based on pickle, simply because starting with the basics and
adding safely is easier than starting with massive power and then
protecting around issues.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list
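
The contrast drawn in the message above, as an added example that is not part of the original thread: a pickle stream can ask the receiver to resolve a named object, while JSON only ever yields basic types that can then be checked against the {string: int} shape. The names RefusingUnpickler, pickle_lookups and load_counters and the sample inputs are constructed for illustration.

```python
import io
import json
import pickle


class RefusingUnpickler(pickle.Unpickler):
    """Unpickler that records and refuses every named-object lookup."""

    def __init__(self, data):
        super().__init__(io.BytesIO(data))
        self.requested = []

    def find_class(self, module, name):
        # pickle calls this whenever the stream names an object to import.
        self.requested.append((module, name))
        raise pickle.UnpicklingError(f"refused lookup of {module}.{name}")


def pickle_lookups(data):
    """Return the (module, name) pairs a pickle stream asks to resolve."""
    unpickler = RefusingUnpickler(data)
    try:
        unpickler.load()
    except pickle.UnpicklingError:
        pass  # the first refused lookup aborts the load
    return unpickler.requested


def load_counters(text):
    """Parse JSON text and accept only a flat {string: int} object."""
    obj = json.loads(text)
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object")
    for key, value in obj.items():
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"value for {key!r} is not an int")
    return obj


# Constructed sample inputs.
SAMPLE_JSON = '{"frames": 1200, "errors": 3}'
SAMPLE_PICKLE = pickle.dumps(len)  # a benign builtin, pickled by reference

if __name__ == "__main__":
    print(load_counters(SAMPLE_JSON))
    print(pickle_lookups(SAMPLE_PICKLE))
```

JSON object keys are always strings after json.loads, so only the values need a type check.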