Added information about pickle security and SocketHandler.

author Vinay Sajip <vinay_sajip@yahoo.co.uk>

Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)

committer Vinay Sajip <vinay_sajip@yahoo.co.uk>

Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)
author Vinay Sajip <vinay_sajip@yahoo.co.uk>
Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)
committer Vinay Sajip <vinay_sajip@yahoo.co.uk>
Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)
diff --git a/Doc/library/logging.rst b/Doc/library/logging.rst

index 16b3e7280e27e3838d7016661e32ef24082e3d2d..fbb0935680d5a03eb75fc858a5e52513180f329f 100644 (file)
--- a/Doc/library/logging.rst
+++ b/Doc/library/logging.rst
@@ -2039,6 +2039,11 @@ sends logging output to a network socket. The base class uses a TCP socket.
        Pickles the record's attribute dictionary in binary format with a length
        prefix, and returns it ready for transmission across the socket.
  
+      Note that pickles aren't completely secure. If you are concerned about
+      security, you may want to override this method to implement a more secure
+      mechanism. For example, you can sign pickles using HMAC and then verify
+      them on the receiving end, or alternatively you can disable unpickling of
+      global objects on the receiving end.
  
     .. method:: send(packet)
author	Vinay Sajip <vinay_sajip@yahoo.co.uk>
	Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)
committer	Vinay Sajip <vinay_sajip@yahoo.co.uk>
	Tue, 29 Jun 2010 15:13:14 +0000 (15:13 +0000)