by IanCal
3669 days ago
My rather poorly made point is that whether it's a security problem or not depends on what you're using pickle for. My typical use case is simply as a local cache for some slow computation in ad-hoc scripts. Being able to simply dump objects and load them back again without needing to write serialisation code is a great timesaver, and the only ways I can see that causing a security problem rely on an attacker already having significantly more access to begin with. I don't like people making such strong statements about what others should and should not do, based on issues in some situations.