gangesmaster wrote: >>Huh? You think a competent sys admin can't learn enough Python to hack >>your pickled file? >> >>Binary configs only keep out legitimate users who don't have the time or >>ability to learn how to hack the binary format. Black hats and power users >>will break your binary format and hack them anyway. > > > then you dont know what pickle is. pickle code is NOT python bytecode. > it's a bytecode they made in order to represent objects. you cannot > "exploit" in in the essence of running arbitrary code, unless you find > a bug in the pickle module. and that's less likely than you find a bug > in the parser of the silly config file formats you use. > > i'm not hiding the configuration in "binary files", that's not the > point. pickle is just more secure by definition. > > aah. you all are too stupid. > Great way to win an argument. Pity we aren't as intelligent as you ...
regards Steve -- Steve Holden +44 150 684 7255 +1 800 494 3119 Holden Web LLC/Ltd www.holdenweb.com Love me, love my blog holdenweb.blogspot.com -- http://mail.python.org/mailman/listinfo/python-list
