Sorry I didn't elaborate. It isn't a question of signing requests; kirubakaran posted a link below that explains the basics (unpickling can create objects and run potentially harmful methods).
Depending on what you are sending, there are several alternatives for serializing data. There are a handful of JSON libraries to take a look at and some good benchmarks if you google for them.
> Sorry I didn't elaborate. It isn't a question of signing requests; kirubakaran posted a link below that explains the basics (unpickling can create objects and run potentially harmful methods).
Parent poster meant signing the pickled data as a text stream, not as a collection of unserialized Python objects. If the signatures don't match, you just discard the data, and don't unpickle it.
This guarantees that (as long as your keys aren't compromised, and your signing algorithm is unbroken) you will never unpickle tampered-with data.
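
The verify-before-unpickle scheme described in the reply above, as an added example that is not part of the original thread. It assumes HMAC-SHA256 with a shared secret key (the posters do not name an algorithm); `dumps_signed`, `loads_signed`, `BadSignature` and the key value are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte MAC tag prepended to the pickle


class BadSignature(Exception):
    """The blob failed authentication; pickle.loads was never called on it."""


def dumps_signed(obj, key: bytes) -> bytes:
    # Sign the serialized byte stream itself, not the Python objects.
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def loads_signed(blob: bytes, key: bytes):
    if len(blob) < TAG_LEN:
        raise BadSignature("blob shorter than the MAC tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; on mismatch the data is discarded unparsed.
    if not hmac.compare_digest(tag, expected):
        raise BadSignature("MAC mismatch, data discarded")
    return pickle.loads(payload)  # reached only for authenticated bytes


def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    blob = dumps_signed({"user": "alice", "roles": ["reader"]}, key)
    results = {"roundtrip": loads_signed(blob, key)}

    tampered = bytearray(blob)
    tampered[-1] ^= 0x01  # flip one bit inside the pickled payload
    cases = [
        ("tampered", bytes(tampered), key),
        ("wrong_key", blob, b"some-other-key"),
        ("truncated", blob[:10], key),
    ]
    for name, data, k in cases:
        try:
            loads_signed(data, k)
            results[name] = "accepted"
        except BadSignature:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```
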