5 Mar 1999, 5:04 p.m.
On Fri, 5 Mar 1999, Jeffrey P Shell wrote:
Running eval on any external data source can be potentially risky. An option is to write pickles to the RDBMS. This allows storage of much more complex objects and it's harder for a third party with access to the database to write a potentially damaging pickle to a field than it is to write a potentially damaging expression.
The downside is that storing a string repr of a python list or dict is still semi-searchable/readable through SQL for other operations. A stored pickle is not.
Or you can use one of the XML marshalling libs. I am familiar with Fredrik Lundh's xmlrpclib: www.pythonware.com

Pavlos
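An added example, not part of the original message: the XML-marshalling option from the thread, using Python 3's `xmlrpc.client` (the standard-library successor to xmlrpclib) to store a structure in a database text column and read it back without `eval` or pickle. The `prefs` table, the helper names `dump_field`/`load_field` and both sample rows are constructed for illustration.

```python
import sqlite3
import xmlrpc.client
from xml.parsers.expat import ExpatError


def dump_field(value):
    """Marshal plain data (dict/list/str/int/float/bool/None) to XML text."""
    # dumps() raises TypeError for types it cannot marshal, so only data,
    # never code or arbitrary objects, reaches the column.
    return xmlrpc.client.dumps((value,), methodresponse=True, allow_none=True)


def load_field(text):
    """Parse a stored field back into plain data; nothing is evaluated."""
    # Caveat: the Python docs warn that xmlrpc.client is not hardened against
    # maliciously constructed XML (e.g. entity expansion). It removes the
    # code-execution risk of eval/pickle, not the resource-exhaustion risk.
    try:
        params, _method = xmlrpc.client.loads(text)
    except (ExpatError, xmlrpc.client.ResponseError, xmlrpc.client.Fault) as exc:
        raise ValueError("field is not a valid marshalled value") from exc
    if len(params) != 1:
        raise ValueError("expected exactly one marshalled value")
    return params[0]


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE prefs (id INTEGER PRIMARY KEY, data TEXT)")
    record = {"name": "example", "tags": ["a", "b"], "limits": {"max": 10}}
    db.execute("INSERT INTO prefs VALUES (1, ?)", (dump_field(record),))
    # Constructed tampered row: an expression that eval() would have executed.
    db.execute("INSERT INTO prefs VALUES (2, ?)", ("__import__('os').getcwd()",))
    results = {}
    for row_id, text in db.execute("SELECT id, data FROM prefs ORDER BY id"):
        try:
            results[row_id] = load_field(text)
        except ValueError as exc:
            results[row_id] = "rejected: %s" % exc
    # Unlike a pickle, the stored text is still searchable through SQL.
    hits = db.execute(
        "SELECT id FROM prefs WHERE data LIKE '%<string>example</string>%'"
    ).fetchall()
    return results, hits


if __name__ == "__main__":
    print(demo())
```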