Added information about pickle security and SocketHandler.

author: Vinay Sajip <vinay_sajip@yahoo.co.uk> 2010-06-29 15:13:14 (GMT)
committer: Vinay Sajip <vinay_sajip@yahoo.co.uk> 2010-06-29 15:13:14 (GMT)
commit: 86aa90539b1fc388b8daca8c014bcda93f00d305 (patch)
tree: a089172ceb9a19b9aed2284108ab623220a75ff9 /Doc/library
parent: 1c919a64ed805137ae8eae07800b53d7befa161e (diff)
download: cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.zip
cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.tar.gz
cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/Doc/library/logging.rst b/Doc/library/logging.rst
index 16b3e72..fbb0935 100644
--- a/Doc/library/logging.rst
+++ b/Doc/library/logging.rst
@@ -2039,6 +2039,11 @@ sends logging output to a network socket. The base class uses a TCP socket.
       Pickles the record's attribute dictionary in binary format with a length
       prefix, and returns it ready for transmission across the socket.
 
+      Note that pickles aren't completely secure. If you are concerned about
+      security, you may want to override this method to implement a more secure
+      mechanism. For example, you can sign pickles using HMAC and then verify
+      them on the receiving end, or alternatively you can disable unpickling of
+      global objects on the receiving end.
 
    .. method:: send(packet)
author	Vinay Sajip <vinay_sajip@yahoo.co.uk>	2010-06-29 15:13:14 (GMT)
committer	Vinay Sajip <vinay_sajip@yahoo.co.uk>	2010-06-29 15:13:14 (GMT)
commit	86aa90539b1fc388b8daca8c014bcda93f00d305 (patch)
tree	a089172ceb9a19b9aed2284108ab623220a75ff9 /Doc/library
parent	1c919a64ed805137ae8eae07800b53d7befa161e (diff)
download	cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.zip cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.tar.gz cpython-86aa90539b1fc388b8daca8c014bcda93f00d305.tar.bz2