JSON vs. Pickle security


Question

I recently came across the security problems of the Python pickle and cPickle modules. Obviously, there are no real security measures implemented in pickle unless you overwrite the find_class method as a basic modification to get a bit more security. But I often heard that JSON is more secure.

Can anyone elaborate a bit on this? Why is JSON more secure than pickle?

Thanks a lot! Mark

Recommended answer

JSON is more secure because it's fundamentally more limited. The only Python types that a JSON document can encode are unicode, int, float, NoneType, bool, list and dict. These are marshaled/unmarshalled in a basically trivial fashion that isn't vulnerable to code injection attacks.
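The difference between the two loaders, as an added example that is not part of the original question or answer: a pickle stream can name a callable for the loader to invoke, an allowlisting `find_class` override refuses it, and `json.loads` only ever builds the basic types. It assumes Python 3 (where `unicode` is `str`); `ALLOWED_GLOBALS`, `RestrictedUnpickler`, `Probe` and `json_types` are hypothetical names, and the sample inputs are constructed.

```python
import io
import json
import os
import pickle

# Assumed allowlist for this example: only these globals may be resolved.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class refuses every global not on the allowlist."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def restricted_loads(data):
    """Drop-in replacement for pickle.loads that enforces the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

class Probe:
    """Constructed sample: its pickle tells the loader to call os.getcwd()."""
    def __reduce__(self):
        return (os.getcwd, ())

def json_types(value):
    """Collect the type names found anywhere in a decoded JSON value."""
    found = {type(value).__name__}
    if isinstance(value, dict):
        for key, item in value.items():
            found |= json_types(key) | json_types(item)
    elif isinstance(value, list):
        for item in value:
            found |= json_types(item)
    return found

PROBE_PICKLE = pickle.dumps(Probe())
# Constructed JSON that merely describes a call; decoding never performs it.
PROBE_JSON = '{"__reduce__": ["os.getcwd", []], "n": 1, "x": 1.5, "ok": true, "v": null}'

if __name__ == "__main__":
    # Plain pickle.loads returns the *result* of the call named in the data.
    print("pickle.loads ->", repr(pickle.loads(PROBE_PICKLE)))
    try:
        restricted_loads(PROBE_PICKLE)
    except pickle.UnpicklingError as exc:
        print("restricted   ->", exc)
    print("json.loads   ->", sorted(json_types(json.loads(PROBE_JSON))))
```
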
