In my Python program I use the Pickle module to save user definitions and then load them back the next time the program runs. I have now learned from the UsingPickle article on the Python Wiki that pickle files can likely be hacked and so on, which makes them insecure.
I have noticed that pickle files usually just sit in the directory where the Python script is. Is there a way to make these files more secure and out of sight? If so, how would including the pickle file in the installation script affect my use of cx_Freeze on the script?
import pickle

# Saved definitions live in save.p next to the script. On the first run the
# file does not exist yet, so start with an empty dictionary instead of crashing.
try:
    with open("save.p", "rb") as f:
        terms = pickle.load(f)
except FileNotFoundError:
    terms = {}


def save_terms():
    # Write the current dictionary back to disk; 'with' closes the file handle.
    with open("save.p", "wb") as f:
        pickle.dump(terms, f)


def print_menu():
    print('Computing Terms')
    print()
    print('0. Quit')
    print('1. Look Up a Term')
    print('2. Add a Term')
    print('3. Redefine a Term')
    print('4. Delete a Term')
    print('5. Display All Terms')


while True:
    print_menu()
    print()
    choice = input('Choice: ')
    if choice == '0':
        break
    elif choice == '1':
        print('\n')
        term = input('Type in a term you wish to see: ')
        if term in terms:
            definition = terms[term]
            print('\n')
            print(term, '-', definition, '\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
        else:
            print('This term does not exist. Try adding it instead.\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
    elif choice == '2':
        print('\n')
        term = input('What term would you like to add?: ')
        if term not in terms:
            print('\n')
            definition = input('What\'s the definition?: ')
            terms[term] = definition
            save_terms()
            print('\n')
            print(term, 'has been added.\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
        else:
            print('\n')
            print('Term already exists, try redefining it instead.\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
    elif choice == '3':
        print('\n')
        term = input('Which term do you want to redefine?: ')
        if term in terms:
            definition = input('What\'s the new definition?: ')
            terms[term] = definition
            save_terms()
            print('\n')
            print(term, 'has been redefined.\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
        else:
            print('\n')
            print('That term doesn\'t exist, try adding it instead.')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
    elif choice == '4':
        print('\n')
        term = input('Which term would you like to delete?: ')
        if term in terms:
            del terms[term]
            save_terms()
            print('\n')
            print('The term has been deleted.\n')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
        else:
            print('\n')
            print('This term doesn\'t exist.')
            print()
            print('----------------------------------------------------------------')
            print()
            print()
    elif choice == '5':
        print('\n')
        print('The terms available are: ')
        print()
        for term in sorted(terms):
            print(term)
        print()
        print()
        print('----------------------------------------------------------------')
        print()
        print()
    else:
        print('\n')
        print('Sorry, but ', choice, ' is not a valid choice.\n')
        print()
        print('----------------------------------------------------------------')
        print()
        print()
tyteen4a03.. 5
If what you are worried about is a user being able to easily inject arbitrary code into the program, the best option is to switch to another storage format that only stores the data types you want, such as JSON, XML, MsgPack, etc.
If what you are worried about is a user being able to easily change values and thereby break the program logic (for example cheating in a game), you should consider encrypting the user-definition file.
Anything handed to the client should be considered insecure. You should always validate the data when loading it.
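Applying this answer to the asker's program, as an added example that is not part of the original question or answer: the pickle load/dump is replaced by JSON, which can only produce plain data (objects, lists, strings, numbers) and never executable objects, and the loaded structure is validated before use. The file name save.json and the helper names are assumptions.

```python
import json
import os
import tempfile

# Added example code, not the asker's program. The terms file holds one JSON
# object mapping term -> definition, both strings, matching the dict the
# question's program keeps in memory.


def validate_terms(data):
    """Return data if it is a dict mapping str -> str, otherwise raise ValueError."""
    if not isinstance(data, dict):
        raise ValueError("terms file must contain a JSON object")
    for term, definition in data.items():
        if not isinstance(term, str) or not isinstance(definition, str):
            raise ValueError("every term and definition must be a string")
    return data


def load_terms(path):
    """Load and validate the terms dict; a missing file means nothing saved yet."""
    if not os.path.exists(path):
        return {}
    with open(path, "r", encoding="utf-8") as fh:
        return validate_terms(json.load(fh))


def save_terms(path, terms):
    """Write the terms dict as JSON; 'with' guarantees the file is closed."""
    validate_terms(terms)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(terms, fh, ensure_ascii=False, indent=2)


def roundtrip_demo():
    """Save two terms, reload them, then show that a malformed file is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "save.json")
        save_terms(path, {"byte": "eight bits", "bit": "a binary digit"})
        loaded = load_terms(path)
        # Constructed malformed content: a JSON list instead of the expected object.
        with open(path, "w", encoding="utf-8") as fh:
            fh.write('["not", "a", "dict"]')
        try:
            load_terms(path)
            rejected = False
        except ValueError:
            rejected = True
    return loaded, rejected
```

Unlike pickle.load, json.load on a file a user has edited can at worst yield unexpected data, which validate_terms turns into a clean error instead of silently corrupting the program's state.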