instruction
No exceptions and no error handling
A pickle stream cannot overwrite or directly read itself using pickle instructions
Strings loaded in pickles do not undergo variable substitution
Class instances and their methods cannot be directly referenced
Only callables present at the top level of a module are candidates for loading into the PVM (Pickle Virtual Machine)
possible
Do not save session state on the client
Use whitelists and blacklists for classes
Yes, manually serialize/deserialize complex objects
Authentication + Encryption
DON'T TRUST DATA – VERIFY IT
Use sandboxes
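The two lists above, worked through as an added Python example that is not part of the original slides: a stock pickle.loads beside an Unpickler whose find_class enforces a class whitelist (the one gateway through which a stream can obtain a top-level module callable), plus an HMAC check that rejects tampered or forged payloads before the unpickler ever sees them. The allow-list contents, the demo key, and the Exploit and RestrictedUnpickler names are assumptions for illustration; os.getcwd stands in for os.system so the unsafe path is harmless to run.

```python
"""Added example (not from the original slides): whitelisted unpickling plus an
HMAC check, showing why pickled data must be verified and class-filtered."""
import collections
import hashlib
import hmac
import io
import os
import pickle

# Hypothetical allow-list: module -> names a stream may reference through the
# GLOBAL / STACK_GLOBAL opcodes. Plain dict/list/str/int need no lookup at all.
ALLOWED_GLOBALS = {
    "builtins": {"set", "frozenset", "range", "slice"},
    "collections": {"OrderedDict"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the single gateway through which a pickle stream obtains a
    callable, so filtering it closes off os.system, subprocess.Popen, eval, etc."""

    def find_class(self, module, name):
        if name in ALLOWED_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def unsafe_loads(data: bytes):
    """Deliberately vulnerable: stock pickle.loads calls whatever the stream names."""
    return pickle.loads(data)


def restricted_loads(data: bytes):
    """Hardened form: same stream, but globals go through the whitelist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Exploit:
    """Attacker-controlled object. __reduce__ makes pickle emit GLOBAL os.getcwd
    followed by REDUCE; os.getcwd is a harmless stand-in for os.system, which is
    reachable the same way because any top-level module callable can be named."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed demo key; in a real system load it from a secret store and never
# hand it to the client, or the client can mint its own "authenticated" pickles.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes of MAC prefixed to the payload


def sign(key: bytes, payload: bytes) -> bytes:
    """Server side: MAC the serialised bytes so a client cannot forge or tamper."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def verify_and_load(key: bytes, blob: bytes):
    """Verify first, parse second: the unpickler never sees unauthenticated bytes."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC mismatch: payload rejected before unpickling")
    return restricted_loads(payload)


def demo() -> dict:
    """Runs the four scenarios and returns their outcomes for checking."""
    results = {}
    payload = pickle.dumps(Exploit(), protocol=2)  # constructed malicious stream

    # 1. Unrestricted load executes the named callable (here just getcwd()).
    results["unsafe_ran_callable"] = unsafe_loads(payload) == os.getcwd()

    # 2. Whitelisted unpickler refuses the global before REDUCE can run it.
    try:
        restricted_loads(payload)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True

    # 3. Whitelisted class (collections.OrderedDict) round-trips under a valid MAC.
    session = collections.OrderedDict(user="alice", roles=["viewer"])
    blob = sign(DEMO_KEY, pickle.dumps(session, protocol=2))
    results["signed_roundtrip"] = verify_and_load(DEMO_KEY, blob) == session

    # 4. A single flipped bit in the payload fails the MAC, so nothing is parsed.
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        verify_and_load(DEMO_KEY, tampered)
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC does not make pickle safe on its own: it only proves the bytes came from a key holder, so it belongs in front of the whitelist, not in place of it, and the key must stay server-side.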