[Zope] Mysql get/set blob
Paul Winkler
pw_lists at slinkp.com
Sun Nov 21 18:13:15 EST 2004
On Sun, Nov 21, 2004 at 02:36:36PM -0800, David Siedband wrote:
> I was thinking eval() combined with some sort of checking to make sure
> that the string being evaluated is in fact a valid dictionary... Seems
> like pickling is a more secure way to store dictionaries.
yeah, eval() should really be avoided unless you have some way
to guarantee that the string you feed it cannot contain
anything malicious.
--
Paul Winkler
http://www.slinkp.com
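
One way to get the guarantee discussed in this thread, shown as an added example that is not part of either poster's message: parse the stored string without executing it and accept only dictionary literals. The names parse_dict_literal and accepts, the size and depth limits, and the sample strings are assumptions for illustration; it targets current Python 3.

```python
import ast

# Assumed policy: only literal containers and constants may appear.
_ALLOWED = (ast.Expression, ast.Dict, ast.List, ast.Tuple, ast.Constant,
            ast.UnaryOp, ast.USub, ast.UAdd, ast.Load)
MAX_LEN = 65536    # assumed cap on one stored value
MAX_DEPTH = 20     # assumed cap on nesting


def _check(node, depth=0):
    """Reject any syntax node outside the allow-list (calls, names, ...)."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    if not isinstance(node, _ALLOWED):
        raise ValueError("disallowed syntax: " + type(node).__name__)
    for child in ast.iter_child_nodes(node):
        _check(child, depth + 1)


def parse_dict_literal(text):
    """Return the dict written in text; raise ValueError for anything else."""
    if not isinstance(text, str) or len(text) > MAX_LEN:
        raise ValueError("expected a string of bounded length")
    try:
        tree = ast.parse(text.strip(), mode="eval")   # parses, never executes
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise ValueError("not parseable: %s" % exc)
    if not isinstance(tree.body, ast.Dict):
        raise ValueError("top level is not a dictionary")
    _check(tree)
    try:
        return ast.literal_eval(tree)   # builds values from literal nodes only
    except (ValueError, TypeError) as exc:   # e.g. unhashable key
        raise ValueError("not a plain literal: %s" % exc)


def accepts(text):
    """True if text passes the check, False if it is rejected."""
    try:
        parse_dict_literal(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample strings, as they might come back from a blob column.
    for s in ("{'title': 'report', 'size': 1024, 'tags': ['a', 'b'], 'n': -3}",
              "{'k': __import__('os').getcwd()}", "[1, 2]", "{[1]: 2}"):
        print(accepts(s), s)
```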