[ZODB-Dev] Support for graceful ZODB Class renaming
Guido van Rossum
guido@python.org
Fri, 17 Jan 2003 09:45:26 -0500
> > I don't think untrusted data should be unpickled, ever.
>
> I often use a subclass of the python unpickler class that only unpickles
> primitive types - strings, tuples, floats etc - and raises an exception when
> it encounters a 'pickle bytecode' that is potentially dangerous. I believe
> this to be safe, and useful.
Sure, but it's hardly the general case for which pickling was
created -- you might as well create your own format. And you can't
use cPickle. This use case won't be broken, but doesn't really affect
my recommendation.
> > ZEO actually doesn't need pickles for its RPC; marshal would be just
> > as good (except bad marshal data can blow up too -- this is easy to
> > fix though).
>
> The other problem with marshal is the documented risk that the
> format may have incompatible changes across python versions. That
> might not be a big problem for ZEO.
In practice, the incompatibilities are restricted to code objects
(which tend to grow new attributes with each language refinement).
--Guido van Rossum (home page: http://www.python.org/~guido/)
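The primitive-only unpickler mentioned in the quoted reply, as an added example that is not code from the original thread: it walks the opcode stream with `pickletools.genops` and refuses any opcode that can import a name or call code, then unpickles with `find_class` disabled as a second layer. The opcode denylist and the function names are my own assumptions, written against the modern `pickle` module rather than the 2003 API.

```python
import io
import pickle
import pickletools

# Opcodes that can look up a global, construct an arbitrary object, or invoke
# a callable. Anything outside this set only builds primitive containers.
# (Constructed denylist; tighten or extend for your own data formats.)
FORBIDDEN_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4", "PERSID", "BINPERSID",
}


class PrimitiveOnlyUnpickler(pickle.Unpickler):
    """Defence in depth: even if an opcode slipped past the scan, no global
    lookup can succeed, so no class or function is ever reachable."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"global lookup forbidden: {module}.{name}")


def safe_loads(data: bytes):
    """Unpickle `data` if it contains only primitive types, else raise."""
    # First pass: static walk over the opcode stream. genops also raises if
    # the stream is truncated (no STOP), so malformed input fails early too.
    for opcode, _arg, pos in pickletools.genops(data):
        if opcode.name in FORBIDDEN_OPCODES:
            raise pickle.UnpicklingError(
                f"forbidden opcode {opcode.name} at offset {pos}")
    # Second pass: actually load, with find_class disabled.
    return PrimitiveOnlyUnpickler(io.BytesIO(data)).load()


def is_primitive_pickle(data: bytes) -> bool:
    """True if `data` round-trips through safe_loads, False if rejected."""
    try:
        safe_loads(data)
        return True
    except (pickle.UnpicklingError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a primitive-only payload and one that
    # instantiates a class (GLOBAL + NEWOBJ), which must be refused.
    good = pickle.dumps({"a": (1, 2.5, "x"), "b": [None, True]})
    bad = pickle.dumps(object(), protocol=2)
    print(safe_loads(good))
    print("bad accepted?", is_primitive_pickle(bad))
```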