The Real Python Podcast

Explaining Access Control Using Python & Cautiously Handling Pickles

Listen Later

Have you ever used code to help explain a topic? How can Python scripts be used to understand the intricacies of access control? This week on the show, Christopher Trudeau is here, bringing another batch of PyCoder’s Weekly articles and projects.

Christopher talks about an article that explores the evolution of access control by reimplementing the concepts with Python scripts. The experiment moves across the various access forms, starting with control lists, roles, and attributes, then ending with purpose-based access control (PBAC).

We also cover a post about how to create dangerous pickles. We discuss where malicious code can hide within the serialization process and how decompiling code can be an education tool.

We share several other articles and projects from the Python community, including command line interface (CLI) creation with argparse, HTML and CSS for Python developers, a Python packaging user survey, a visual Python Tkinter GUI creator, a PyScript-based data visualization cookbook, and a project for writing functional test helpers in Django.

Course Spotlight: Serializing Objects With the Python pickle Module

In this course, you’ll learn how you can use the Python pickle module to convert your objects into a stream of bytes that can be saved to a disk or sent over a network. You’ll also learn the security implications of using this process on objects from an untrusted source.

Topics:

  • 00:00:00 – Introduction
  • 00:02:19 – Python 3.11.0rc2 is now available
  • 00:03:45 – HTML and CSS for Python Developers
  • 00:08:34 – Evolution of Access Control Explained Through Python
  • 00:17:14 – Sponsor: InfluxDB
  • 00:18:03 – Dangerous Pickles
  • 00:28:08 – Building Command Line Interfaces With argparse
  • 00:34:27 – Video Course Spotlight
  • 00:35:45 – PyPI.org is running a survey
  • 00:49:01 – Visual Python Tkinter GUI Creator
  • 00:50:33 – Python Data Visualization Cookbook
  • 00:52:06 – django-functest: Helpers for Functional Tests in Django
  • 00:57:55 – Thanks and goodbye

    • Show Links:

    • Python Insider: Python 3.11.0rc2 is now available
    • HTML and CSS for Python Developers – There’s no way around HTML and CSS when you want to build web apps. Even if you’re not aiming to become a web developer, knowing the basics of HTML and CSS will help you understand the Web better. In this tutorial, you’ll get an introduction to HTML and CSS for Python programmers.
    • Evolution of Access Control Explained Through Python – Sometimes, writing code can help you explore and understand concepts. This article shows a history of access controls in software, using Python scripts to reimplement the ideas.
    • Dangerous Pickles – A light introduction to the Python pickle protocol, the Pickle Machine, and the construction of malicious pickles. Learn why your code shouldn’t trust arbitrary serialized objects, and discover the dangers of pickle-bombs.
    • Building Command Line Interfaces With argparse – In this step-by-step Python video course, you’ll learn how to take your command line Python scripts to the next level by adding a convenient command line interface that you can write with argparse.

      • Discussion:

      • Python Packaging User Survey
      • PyPI.org is running a survey on the state of Python packaging | Hacker News

        • Projects:

        • Visual Python Tkinter GUI Creator - Chinese
        • Python Data Visualization Cookbook
        • django-functest: Helpers for Functional Tests in Django

          • Additional Links:

          • Axess Lab | Alt-texts: The Ultimate Guide
          • The Python pickle Module: How to Persist Objects in Python – Real Python
          • Understanding pickle in Python | #hsfzxjy#
          • The ultimate guide to Python pickle | Snyk
          • Pickle’s nine flaws | Ned Batchelder
          • pickle — Python object serialization — Python 3.10.7 documentation
          • pickletools — Tools for pickle developers — Python 3.10.7 documentation
          • argparse — Parser for command-line option | Python 3.10.7 documentation
          • Have been testing @pyscript_dev these past few days and finally made something cool. I built an interactive data viz cookbook | Dylan Castillo - Twitter

            • Level up your Python skills with our expert-led courses:

            • Grow Your Python Portfolio With 13 Intermediate Project Ideas
            • Building Command Line Interfaces With argparse
            • Serializing Objects With the Python pickle Module

              • Support the podcast & join our community of Pythonistas

              ...more
              View all episodesView all episodes
              Download on the App Store
              The Real Python PodcastBy Real Python
              • 4.7
              • 4.7
              • 4.7
              • 4.7
              • 4.7

              4.7

              139 ratings

              More shows like The Real Python Podcast

              View all
              The Changelog: Software Development, Open Source by Changelog Media

              The Changelog: Software Development, Open Source

              288 Listeners

              Software Engineering Daily by Software Engineering Daily

              Software Engineering Daily

              625 Listeners

              Talk Python To Me by Michael Kennedy

              Talk Python To Me

              579 Listeners

              Soft Skills Engineering by Jamison Dance and Dave Smith

              Soft Skills Engineering

              289 Listeners

              Super Data Science: ML & AI Podcast with Jon Krohn by Jon Krohn

              Super Data Science: ML & AI Podcast with Jon Krohn

              302 Listeners

              Python Bytes by Michael Kennedy and Brian Okken

              Python Bytes

              213 Listeners

              Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

              Syntax - Tasty Web Development Treats

              988 Listeners

              Darknet Diaries by Jack Rhysider

              Darknet Diaries

              8,088 Listeners

              Tech Brew Ride Home by Morning Brew

              Tech Brew Ride Home

              969 Listeners

              Practical AI by Practical AI LLC

              Practical AI

              200 Listeners

              AWS Podcast by Amazon Web Services

              AWS Podcast

              207 Listeners

              Django Chat by William Vincent and Carlton Gibson

              Django Chat

              75 Listeners

              Last Week in AI by Skynet Today

              Last Week in AI

              310 Listeners

              Machine Learning Street Talk (MLST) by Machine Learning Street Talk (MLST)

              Machine Learning Street Talk (MLST)

              100 Listeners

              The Pragmatic Engineer by Gergely Orosz

              The Pragmatic Engineer

              70 Listeners