Python's Pickle lib had something similar to safe_load(), that they *removed* be... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ghostganz on Jan 10, 2013 \| parent \| context \| favorite \| on: Metasploit Rails 3 Remote Code Execution Hours Awa... Python's Pickle lib had something similar to safe_load(), that they removed because it gave a false sense of security.

X-Istence on Jan 10, 2013 [–]

If you are accepting pickled objects from a remote and using it ... you are an idiot.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact