diff options
author | Georg Brandl <georg@python.org> | 2010-10-17 09:37:54 (GMT) |
---|---|---|
committer | Georg Brandl <georg@python.org> | 2010-10-17 09:37:54 (GMT) |
commit | 7716ca6cdd441de704d51e23491f07259bb8c344 (patch) | |
tree | 8c47cc7b2790f17c4c4bb038a20f202a471183f4 | |
parent | 96115fb2d3513f539d6870349013b3bec87d959f (diff) | |
download | cpython-7716ca6cdd441de704d51e23491f07259bb8c344.zip cpython-7716ca6cdd441de704d51e23491f07259bb8c344.tar.gz cpython-7716ca6cdd441de704d51e23491f07259bb8c344.tar.bz2 |
#8855: add shelve security warning.
-rw-r--r-- | Doc/library/shelve.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst index 0252597..f5374c9 100644 --- a/Doc/library/shelve.rst +++ b/Doc/library/shelve.rst @@ -43,6 +43,11 @@ lots of shared sub-objects. The keys are ordinary strings. :meth:`close` explicitly when you don't need it any more, or use a :keyword:`with` statement with :func:`contextlib.closing`. +.. warning:: + + Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure + to load a shelf from an untrusted source. Like with pickle, loading a shelf + can execute arbitrary code. Shelf objects support all methods supported by dictionaries. This eases the transition from dictionary based scripts to those requiring persistent storage. |