Y
Hacker News
new
|
ask
|
show
|
jobs
by
jknupp
4504 days ago
Pickle (or any use of eval) is a security risk only if you're using it in the context of untrusted code. Basically any distributed task queue is going to have that risk if it can execute arbitrary code.
1 comments
bagels
4504 days ago
I thought the risk was if the data came from an untrusted source, as it might contain code?
link
jonesetc
4504 days ago
I think shooting it over the network is considered untrusted. Man in the middle becomes a problem.
link