![[ChimeraX Issue Tracking System]](/trac/ChimeraX/chrome/site/ChimeraX-icon.svg){kind=icon}
Opened 5 years ago
Closed 5 years ago
#4348 closed defect (fixed)
conference uses notoriously insecure pickle
| Reported by: | Greg Couch | Owned by: | Tom Goddard |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | VR | Version: | |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Notify when closed: | Platform: | all | |
| Project: | ChimeraX |
Description
pickle create objects directly during deserialization and is known to be insecure. See https://nedbatchelder.com/blog/202006/pickles_nine_flaws.html as well as many other published articles.
At least it is not in the session data, but you still need to trust your collaborators more than you should have to.
Change History (2)
comment:1 by , 5 years ago
| Component: | Unassigned → VR |
|---|---|
| Owner: | set to |
| Status: | new → assigned |
comment:2 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Git removed conference. It is not used, never worked, superceded by meeting ssh tunnel support.