Comments on Stuff What I Posted: Pickling

Richard (2010-12-18T15:44:26.537+13:00):

Marius, thanks for the tips. My known use cases are luckily two deep so do not require more complex logic. If you're using pickle, you're not really going for a secure solution. Personally, the biggest benefit to me is catching when I unintentionally send something across the wire. I'd be curious if you can think of problems with this WRT security though.

Chris Green (2010-12-18T03:54:20.823+13:00):

This seems like a bad idea to rely on this as a security mechanism since you wouldn't be able to tell what all is executed on any access to the pickled object.

If you have other motivations such as preventing errors from bugs during event dispatch, then ignore ;-)

Anonymous (2010-12-18T02:12:14.836+13:00):

You're assuming moduleName is 'mod' or 'pkg.mod'. That single getattr won't work for 'pkg.subpkg.mod', you need a loop. Or you could use this trick:

    mod = __import__(moduleName, globals(), locals(), ['*'])

and avoid the need of getattr() altogether.

How safe do you think this kind of whitelisting is?