Diffstat (limited to 'Doc/lib/libmarshal.tex')
-rw-r--r-- | Doc/lib/libmarshal.tex | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/Doc/lib/libmarshal.tex b/Doc/lib/libmarshal.tex index 74770fc..f597e84 100644 --- a/Doc/lib/libmarshal.tex +++ b/Doc/lib/libmarshal.tex @@ -26,14 +26,17 @@ mainly to support reading and writing the ``pseudo-compiled'' code for Python modules of \file{.pyc} files. Therefore, the Python maintainers reserve the right to modify the marshal format in backward incompatible ways should the need arise. If you're serializing and -de-serializing Python objects, use the \module{pickle} module. There -may also be unknown security problems with -\module{marshal}\footnote{As opposed to the known security issues in -the \module{pickle} module!}. +de-serializing Python objects, use the \module{pickle} module instead. \refstmodindex{pickle} \refstmodindex{shelve} \obindex{code} +\begin{notice}[warning] +The \module{marshal} module is not intended to be secure against +erroneous or maliciously constructed data. Never unmarshal data +received from an untrusted or unauthenticated source. +\end{notice} + Not all Python object types are supported; in general, only objects whose value is independent from a particular invocation of Python can be written and read by this module. The following types are supported: |
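Review bot: The rewritten sentence "use the \module{pickle} module instead" now sits just ahead of the new warning notice, and the removed footnote was the only place in this passage that mentioned the known security issues in \module{pickle}. Read together, the new text can suggest that pickle is the safe alternative for data from an untrusted or unauthenticated source, which it is not. Consider adding a sentence to the notice, or a cross-reference to the pickle documentation, stating that the same restriction applies to \module{pickle}, so the recommendation is clearly about format stability and not about handling untrusted input.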