author: Federico Caselli <cfederico87@gmail.com> 2022-11-22 00:07:53 +0100
committer: Federico Caselli <cfederico87@gmail.com> 2022-11-22 00:07:53 +0100
commit: 447249e8628ff849758c1a9cdf822ae060b7cb8b
tree: c00f58b9eea36c3b0590e7005b80c6195a4ac91c
parent: 4f0da8f07a9b7e326a1f1c88a4361cd852f1f874
Add security warning to serializer extension
Change-Id: I5c7c076bc93fc250c05f7996e83359d19d1f3214
-rw-r--r-- lib/sqlalchemy/ext/serializer.py 5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/sqlalchemy/ext/serializer.py b/lib/sqlalchemy/ext/serializer.py
index 8d84a1eb0..337b7ab2f 100644
--- a/lib/sqlalchemy/ext/serializer.py
+++ b/lib/sqlalchemy/ext/serializer.py
@@ -20,6 +20,11 @@ etc. which are referenced by the structure are not persisted in serialized
form, but are instead re-associated with the query structure
when it is deserialized.
+.. warning:: The serializer extension uses pickle to serialize and
+ deserialize objects, so the same security consideration mentioned
+ in the `python documentation
+ <https://docs.python.org/3/library/pickle.html>`_ apply.
+
Usage is nearly the same as that of the standard Python pickle module::
from sqlalchemy.ext.serializer import loads, dumps
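Review bot: The added `.. warning::` block defers entirely to the pickle documentation and never states the rule a reader needs at this point in the module docstring: `loads()` must only be given data from a trusted source, because unpickling attacker-controlled bytes can execute arbitrary code. Suggest adding one sentence to that effect right after the link, so the warning is actionable without following it. Two wording nits in the same block: "the same security consideration ... apply" should read "considerations ... apply", and "python documentation" should be "Python documentation".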