author | Federico Caselli <cfederico87@gmail.com> | 2022-11-22 00:07:53 +0100 |
---|---|---|
committer | Federico Caselli <cfederico87@gmail.com> | 2022-11-22 00:07:53 +0100 |
commit | 447249e8628ff849758c1a9cdf822ae060b7cb8b (patch) | |
tree | c00f58b9eea36c3b0590e7005b80c6195a4ac91c | |
parent | 4f0da8f07a9b7e326a1f1c88a4361cd852f1f874 (diff) | |
download | sqlalchemy-447249e8628ff849758c1a9cdf822ae060b7cb8b.tar.gz |
Add security warning to serializer extension
Change-Id: I5c7c076bc93fc250c05f7996e83359d19d1f3214
-rw-r--r-- | lib/sqlalchemy/ext/serializer.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/sqlalchemy/ext/serializer.py b/lib/sqlalchemy/ext/serializer.py index 8d84a1eb0..337b7ab2f 100644 --- a/lib/sqlalchemy/ext/serializer.py +++ b/lib/sqlalchemy/ext/serializer.py @@ -20,6 +20,11 @@ etc. which are referenced by the structure are not persisted in serialized form, but are instead re-associated with the query structure when it is deserialized. +.. warning:: The serializer extension uses pickle to serialize and + deserialize objects, so the same security consideration mentioned + in the `python documentation + <https://docs.python.org/3/library/pickle.html>`_ apply. + Usage is nearly the same as that of the standard Python pickle module:: from sqlalchemy.ext.serializer import loads, dumps |
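Review bot: In the new `.. warning::` block in the module docstring, the text only defers to the pickle documentation and never states the risk itself, so a reader who does not follow the link will not learn that `loads` must not be called on data from an untrusted source, because unpickling such data can execute arbitrary code. Consider stating that directly in the warning and naming `loads` (imported in the usage example just below) as the function it applies to. Two wording nits in the same lines: "the same security consideration ... apply" should read "considerations ... apply", and "python documentation" should be "Python documentation".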