[omniORB] IIOP over HTTP

Nathaniel Smith njs@pobox.com
Wed Feb 19 22:42:02 2003


On Wed, Feb 19, 2003 at 03:31:04PM -0600, baileyk@schneider.com wrote:
[...]
> One thing I've done is create a generic Python proxy service that can
> record invocation arguments and return values to file for later playback.
> The Python pickle file is just text, so it could easily be sent in an HTTP
> request, along with method name and object identity information.
[...]

Neat idea.  You should be aware, though, that unpickling is a
dangerous operation -- a first-order rule of thumb is, don't unpickle
any data that you wouldn't be willing to evaluate as code in the same
context.  Unpickling arbitrary data someone sent to your HTTP server
is not secure without some work...

For more information:
   http://www.python.org/doc/current/lib/pickle-sec.html

-- Nathaniel

-- 
"...these, like all words, have single, decontextualized meanings: everyone
knows what each of these words means, everyone knows what constitutes an
instance of each of their referents.  Language is fixed.  Meaning is
certain.  Santa Claus comes down the chimney at midnight on December 24."
  -- The Language War, Robin Lakoff

This email may be read aloud.
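
The "some work" mentioned in the reply above can take the form of a restricted unpickler, shown here as an added example that is not part of the original post or of omniORB. The record layout (`object_id`, `method`, `args`, `result`) and the sample values are assumptions constructed for illustration.

```python
import io
import pickle

RECORD_KEYS = {"object_id", "method", "args", "result"}  # assumed layout


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuse every global lookup during unpickling.

    Dicts, lists, tuples, strings, numbers, bytes, booleans and None are
    built directly by pickle opcodes and never reach find_class. Classes,
    functions and anything restored through __reduce__ do, and are rejected.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"global {module}.{name} not allowed in a recorded invocation")


def load_invocation(blob):
    """Decode one recorded invocation received from the network."""
    record = DataOnlyUnpickler(io.BytesIO(blob)).load()
    if not isinstance(record, dict) or set(record) != RECORD_KEYS:
        raise ValueError("unexpected record shape")
    if not isinstance(record["method"], str):
        raise ValueError("method name must be a string")
    return record


def is_rejected(blob):
    """True when the restricted loader refuses the blob."""
    try:
        load_invocation(blob)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False


# Constructed samples. The second carries a reference to a builtin
# function, which pickle stores as a global name to import on load.
PLAIN = pickle.dumps({"object_id": "Account/42", "method": "deposit",
                      "args": (100, "EUR"), "result": None})
WITH_GLOBAL = pickle.dumps({"object_id": "Account/42", "method": "deposit",
                            "args": (print,), "result": None})

if __name__ == "__main__":
    print(load_invocation(PLAIN))
    print("rejected:", is_rejected(WITH_GLOBAL))
```

Blocking globals does not limit how much memory or CPU a hostile pickle can consume, so a request size limit is still needed. A data-only format such as JSON avoids the global-lookup problem altogether.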