On 22-9-2014 19:53, Chris Angelico wrote:
> On Tue, Sep 23, 2014 at 3:47 AM, Irmen de Jong <irmen.nos...@xs4all.nl> wrote:
>> I've developed Pyrolite (https://github.com/irmen/Pyrolite), a lightweight client
>> library for Java and .NET to gain access to Python servers running Pyro. As such it also
>> contains a complete pickle and unpickle implementation in these languages.
>
> Does this imply that you send pickle data across the internet and
> unpickle it? Isn't that rather dangerous?
>
> ChrisA

Yes it is, good to point this out. This is why Pyro has been using a different (and safe)
serializer by default for a while now. You have to plow through the usual security warnings
in the docs and make a conscious effort in your code to enable the pickle serializer if you
really want/need it. Pyrolite also contains a Java and .NET version of that safe serializer
so you should not be using pickle at all when dealing with Pyro, but its implementation is
there. And the pickle code can be used independently.

Irmen
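
An added example, not part of the original message and not code from Pyro or Pyrolite: it uses only Python's standard library to show why unpickling data from the network is risky and how a receiver can inspect or restrict a pickle stream. The names `risky_opcodes`, `DataOnlyUnpickler`, `safe_loads` and `Marker` are hypothetical, and both sample messages are constructed.

```python
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call/instantiate it.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
             "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def risky_opcodes(data):
    """List import/call opcodes in a pickle stream without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPS]


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only dicts, lists, tuples, strings,
    numbers, None and booleans can be rebuilt."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def safe_loads(data):
    return DataOnlyUnpickler(io.BytesIO(data)).load()


class Marker:
    """Constructed sample: its pickle tells the receiver to call len()."""

    def __reduce__(self):
        return (len, ("constructed",))


# Constructed sample messages (protocol 2 keeps the opcode names stable).
PLAIN = pickle.dumps({"method": "ping", "args": [1, 2]}, protocol=2)
CALLS = pickle.dumps(Marker(), protocol=2)

if __name__ == "__main__":
    print(risky_opcodes(PLAIN))   # no import/call opcodes
    print(risky_opcodes(CALLS))   # GLOBAL followed by REDUCE
    print(pickle.loads(CALLS))    # result of len(), not a Marker instance
    print(safe_loads(PLAIN))
    try:
        safe_loads(CALLS)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

Refusing globals narrows what a stream can make the receiver do; a data-only wire format, as the message above recommends, avoids the problem altogether.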