Closes #19061: make shelve security warning consistent between 2.x and 3.x.

author Georg Brandl <georg@python.org>

Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)

committer Georg Brandl <georg@python.org>

Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)
author Georg Brandl <georg@python.org>
Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)
committer Georg Brandl <georg@python.org>
Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst

index ad36b4589691b5d9c5dad96ce036556161164f16..b02f763dc3671bc13950e07bf12ee486e26738e3 100644 (file)
--- a/Doc/library/shelve.rst
+++ b/Doc/library/shelve.rst
@@ -47,9 +47,11 @@ lots of shared  sub-objects.  The keys are ordinary strings.
     Like file objects, shelve objects should be closed explicitly to ensure
     that the persistent data is flushed to disk.
  
-   Since the :mod:`shelve` module stores objects using :mod:`pickle`, the same
-   security precautions apply.  Accordingly, you should avoid loading a shelf
-   from an untrusted source.
+.. warning::
+
+   Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure
+   to load a shelf from an untrusted source.  Like with pickle, loading a shelf
+   can execute arbitrary code.
  
  Shelf objects support all methods supported by dictionaries.  This eases the
  transition from dictionary based scripts to those requiring persistent storage.
author	Georg Brandl <georg@python.org>
	Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)
committer	Georg Brandl <georg@python.org>
	Sun, 22 Sep 2013 09:43:10 +0000 (11:43 +0200)