summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGeorg Brandl <georg@python.org>2010-10-17 09:37:54 (GMT)
committerGeorg Brandl <georg@python.org>2010-10-17 09:37:54 (GMT)
commit7716ca6cdd441de704d51e23491f07259bb8c344 (patch)
tree8c47cc7b2790f17c4c4bb038a20f202a471183f4
parent96115fb2d3513f539d6870349013b3bec87d959f (diff)
downloadcpython-7716ca6cdd441de704d51e23491f07259bb8c344.zip
cpython-7716ca6cdd441de704d51e23491f07259bb8c344.tar.gz
cpython-7716ca6cdd441de704d51e23491f07259bb8c344.tar.bz2
#8855: add shelve security warning.
-rw-r--r--Doc/library/shelve.rst5
1 files changed, 5 insertions, 0 deletions
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst
index 0252597..f5374c9 100644
--- a/Doc/library/shelve.rst
+++ b/Doc/library/shelve.rst
@@ -43,6 +43,11 @@ lots of shared sub-objects. The keys are ordinary strings.
:meth:`close` explicitly when you don't need it any more, or use a
:keyword:`with` statement with :func:`contextlib.closing`.
+.. warning::
+
+ Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure
+ to load a shelf from an untrusted source. Like with pickle, loading a shelf
+ can execute arbitrary code.
Shelf objects support all methods supported by dictionaries. This eases the
transition from dictionary based scripts to those requiring persistent storage.