#8855: add shelve security warning.

author Georg Brandl <georg@python.org>

Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)

committer Georg Brandl <georg@python.org>

Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)
author Georg Brandl <georg@python.org>
Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)
committer Georg Brandl <georg@python.org>
Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst

index 025259710b5bdfbf3280b2ec35727e1d2814259b..f5374c9ed7fe480f3cf4462ad87bc384afc9cce8 100644 (file)
--- a/Doc/library/shelve.rst
+++ b/Doc/library/shelve.rst
@@ -43,6 +43,11 @@ lots of shared  sub-objects.  The keys are ordinary strings.
        :meth:`close` explicitly when you don't need it any more, or use a
        :keyword:`with` statement with :func:`contextlib.closing`.
  
+.. warning::
+
+   Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure
+   to load a shelf from an untrusted source.  Like with pickle, loading a shelf
+   can execute arbitrary code.
  
  Shelf objects support all methods supported by dictionaries.  This eases the
  transition from dictionary based scripts to those requiring persistent storage.
author	Georg Brandl <georg@python.org>
	Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)
committer	Georg Brandl <georg@python.org>
	Sun, 17 Oct 2010 09:37:54 +0000 (09:37 +0000)