[ZODB-Dev] Support for graceful ZODB Class renaming

[Toby Dickenson]

On Friday 17 January 2003 3:58 am, Guido van Rossum wrote:
> > I wonder if this new pickle protocol will take in account the securit=
y
> > issue(s) that Toby pointed out in his previous email regarding safety=
 of
> > unpickling untrusted data [1]?
> >
> > [1] http://lists.zope.org/pipermail/zodb-dev/2003-January/004169.html
>
> I don't think untrusted data should be unpickled, ever.

I often use a subclass of the python unpickler class that only unpickles=20
primitive types - strings, tuples, floats etc - and raises an exception w=
hen=20
it encounters a 'pickle bytecode' that is potentially dangerous. I believ=
e=20
this to be safe, and useful.

> ZEO actually doesn't need pickles for its RPC; marshal would be just
> as good (except bad marshal data can blow up too -- this is easy to
> fix though).

The other problem with marshal is the documented risk that the format may=
 =20
have incompatible changes acrosss python versions. That might not be a bi=
g=20
problem for ZEO.

--=20
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson