[Zope] Re: Mysql get/set blob
Tres Seaver
tseaver at zope.com
Sun Nov 21 21:19:37 EST 2004
Paul Winkler wrote:
> On Sun, Nov 21, 2004 at 02:36:36PM -0800, David Siedband wrote:
>
>>I was thinking eval() combined with some sort of checking to make sure
>>that the string being evaluated is in fact a valid dictionary... Seems
>>like pickling is a more secure way to store dictionaries.
>
>
> yeah, eval() should really be avoided unless you have some way
> to guarantee that the string you feed it cannot contain
> anything malicious.
Malicious pickles (now *there's* a band name) can be problematic, too,
but the effort to create one is much higher than to create Python code.
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
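The two points made in the thread above, that eval() on a stored "dictionary string" runs whatever the string contains, and that a pickle can do the same with a little more effort, are shown side by side below. This is an added example, not code from the thread or from Zope; it assumes Python 3 (the thread predates it), and the sample blob contents, the Exploit class and the RestrictedUnpickler allow-list are all constructed for illustration. The restricted-unpickler technique is the one the pickle module's own documentation describes under "Restricting Globals".

```python
import ast
import builtins
import io
import os
import pickle

# Constructed sample blob contents, as a dict might be stored in a MySQL BLOB column.
BENIGN_DICT_STR = "{'user': 'alice', 'roles': ['editor', 'viewer'], 'quota': 10}"
# Constructed malicious blob: still a syntactically valid dict literal, but one value
# is a call that eval() will happily execute. os.getcwd() stands in for anything worse.
MALICIOUS_DICT_STR = "{'user': __import__('os').getcwd()}"

# Recorded so the effect of the payloads can be checked: both return this path.
CURRENT_DIR = os.getcwd()


def load_dict_with_eval(blob_str):
    """The risky way: eval() evaluates any expression embedded in the string."""
    return eval(blob_str)


def load_dict_safely(blob_str):
    """ast.literal_eval accepts only literals (dicts, lists, strings, numbers, ...)
    and raises ValueError on calls, attribute access, names and other code."""
    value = ast.literal_eval(blob_str)
    if not isinstance(value, dict):
        raise ValueError("stored blob is not a dict literal")
    return value


class Exploit:
    """Constructed pickle payload: on load, pickle calls os.getcwd() with no arguments.
    The same mechanism (__reduce__ naming a callable) works for os.system etc."""

    def __reduce__(self):
        return (os.getcwd, ())


def make_malicious_pickle():
    return pickle.dumps(Exploit())


def make_benign_pickle(d):
    return pickle.dumps(d)


def load_pickle_unsafely(blob):
    """pickle.loads() resolves and calls whatever global the pickle names."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Only plain builtin container and scalar types may be referenced; any other
    global (os.getcwd, os.system, subprocess.Popen, ...) is refused."""

    ALLOWED_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                        "str", "bytes", "int", "float", "bool"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.ALLOWED_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_pickle_safely(blob):
    """Unpickle a stored dict with the restricted unpickler and check the result type."""
    obj = RestrictedUnpickler(io.BytesIO(blob)).load()
    if not isinstance(obj, dict):
        raise pickle.UnpicklingError("stored blob is not a dict")
    return obj


def rejects(loader, blob, exc=(ValueError, pickle.UnpicklingError)):
    """True if the loader refuses the blob by raising one of exc."""
    try:
        loader(blob)
    except exc:
        return True
    return False


if __name__ == "__main__":
    print("eval ran the payload:", load_dict_with_eval(MALICIOUS_DICT_STR)["user"] == CURRENT_DIR)
    print("literal_eval rejects it:", rejects(load_dict_safely, MALICIOUS_DICT_STR))
    print("pickle.loads ran the payload:", load_pickle_unsafely(make_malicious_pickle()) == CURRENT_DIR)
    print("restricted unpickler rejects it:", rejects(load_pickle_safely, make_malicious_pickle()))
```

A plain dict of strings, lists and numbers pickles without any GLOBAL opcode, so the restricted unpickler loads it unchanged; the payload needs to name a callable, which is exactly what find_class intercepts. For data that is only ever a dict of scalars and lists, a format with no code-execution path at all (JSON) avoids the question entirely.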