I recently came across the security problems of the Python pickle and cPickle modules.
Obviously, there are no real security measures implemented in pickle unless you overwrite
the find_class method as a basic modification to get a bit more security. But I often
heard that JSON is more secure.
Can anyone elaborate a bit on this?`Why is JSON more secure than pickle?
Thanks a lot!
Mark
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…