Re: pickle alternative



simonwittber wrote:
> From the marshal documentation:
> Warning: The marshal module is not intended to be secure against
> erroneous or maliciously constructed data. Never unmarshal data
> received from an untrusted or unauthenticated source.

Ahh, I had forgotten that. Though I can't recall what an attack
might be, I think it's because the C code hasn't been fully vetted
for unexpected error conditions.

> Any idea how this might be solved? The number of bytes used has to be
> consistent across platforms. I guess this means I cannot use the struct
> module?

How do you want to solve it? Should a 64 bit machine be able to read
a data stream made on a 32 bit machine? What about vice versa? How
are floats interconverted?

You could preface the output stream with a description of the encoding
used: version number, size of float, size of int (which should always
be sizeof float these days, I think). Read these then use that
information to figure out which decode/dispatch function to use.

Andrew
dalke@xxxxxxxxxxxxxxxxxxx
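To make the header-then-dispatch idea concrete, here is a small worked example (added here as an illustration, not code from this thread or from the Python standard library). It writes a fixed-size header carrying a magic string, a format version, the int width and the float width, all in explicit little-endian byte order so a 32-bit and a 64-bit machine agree on the wire format; the reader parses the header first and only then chooses the struct formats it will decode with. The magic value, the version number, the tag bytes and the width tables are my own choices for the example. Every length is checked before unpacking and unknown versions or widths are rejected, which is the property marshal and pickle lack on untrusted input.

```python
import struct

# Constructed values for this example: a 3-byte magic string and a format version.
MAGIC = b"SWS"
VERSION = 1

# Header layout: magic(3) version(1) int_width(1) float_width(1), little-endian.
HEADER_FMT = "<3sBBB"
HEADER_LEN = struct.calcsize(HEADER_FMT)

# Widths the reader is willing to decode, mapped to struct codes.  Anything
# else in the header is rejected instead of being guessed at.
INT_CODES = {4: "i", 8: "q"}
FLOAT_CODES = {4: "f", 8: "d"}


def encode(values, int_width=8, float_width=8):
    """Serialize a flat list of ints and floats behind a self-describing header.

    struct.pack raises struct.error if an int does not fit the chosen width,
    so a 32-bit writer cannot silently truncate a value a 64-bit reader
    would expect to see intact.
    """
    int_fmt = "<" + INT_CODES[int_width]
    float_fmt = "<" + FLOAT_CODES[float_width]
    out = [struct.pack(HEADER_FMT, MAGIC, VERSION, int_width, float_width),
           struct.pack("<I", len(values))]
    for v in values:
        if isinstance(v, bool):  # bool is a subclass of int; keep the format strict
            raise TypeError("bool is not a supported value type")
        if isinstance(v, int):
            out.append(b"i" + struct.pack(int_fmt, v))
        elif isinstance(v, float):
            out.append(b"f" + struct.pack(float_fmt, v))
        else:
            raise TypeError("unsupported value type: %r" % type(v))
    return b"".join(out)


def _need(data, pos, n):
    """Fail closed if fewer than n bytes remain at pos."""
    if pos + n > len(data):
        raise ValueError("truncated stream at offset %d" % pos)


def decode(data):
    """Parse the header, pick the decoders it names, then read the values."""
    _need(data, 0, HEADER_LEN)
    magic, version, int_width, float_width = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if version != VERSION:
        raise ValueError("unsupported format version %d" % version)
    if int_width not in INT_CODES or float_width not in FLOAT_CODES:
        raise ValueError("unsupported widths int=%d float=%d" % (int_width, float_width))

    # The header decides which decode function handles each tag.
    readers = {
        b"i": ("<" + INT_CODES[int_width], int_width),
        b"f": ("<" + FLOAT_CODES[float_width], float_width),
    }

    pos = HEADER_LEN
    _need(data, pos, 4)
    (count,) = struct.unpack_from("<I", data, pos)
    pos += 4

    # A hostile count is harmless: the first missing byte raises ValueError
    # instead of allocating count entries up front.
    values = []
    for _ in range(count):
        _need(data, pos, 1)
        tag = data[pos:pos + 1]
        pos += 1
        if tag not in readers:
            raise ValueError("unknown tag %r at offset %d" % (tag, pos - 1))
        fmt, width = readers[tag]
        _need(data, pos, width)
        (v,) = struct.unpack_from(fmt, data, pos)
        pos += width
        values.append(v)
    if pos != len(data):
        raise ValueError("%d trailing bytes" % (len(data) - pos))
    return values


def is_rejected(data):
    """True if decode() refuses the bytes with ValueError."""
    try:
        decode(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # A stream written with 4-byte ints and 8-byte floats decodes the same
    # everywhere, because the reader takes the widths from the header.
    print(decode(encode([1, 2.5, -7], int_width=4, float_width=8)))
```

The same `decode()` reads streams written with either width combination, and a writer that picks `int_width=4` cannot emit a value wider than 32 bits at all, which answers the 32-bit versus 64-bit question by making the width part of the data rather than of the machine.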
