Have you ever used code to help explain a topic? How can Python scripts be used to understand the intricacies of access control? This week on the show, Christopher Trudeau is here, bringing another batch of PyCoder’s Weekly articles and projects.

Christopher talks about an article that explores the evolution of access control by reimplementing the concepts with Python scripts. The experiment moves across the various access forms, starting with control lists, roles, and attributes, then ending with purpose-based access control (PBAC).

We also cover a post about how to create dangerous pickles. We discuss where malicious code can hide within the serialization process and how decompiling code can be an education tool.

We share several other articles and projects from the Python community, including command line interface (CLI) creation with argparse, HTML and CSS for Python developers, a Python packaging user survey, a visual Python Tkinter GUI creator, a PyScript-based data visualization cookbook, and a project for writing functional test helpers in Django.

Course Spotlight: Serializing Objects With the Python pickle Module

In this course, you’ll learn how you can use the Python pickle module to convert your objects into a stream of bytes that can be saved to a disk or sent over a network. You’ll also learn the security implications of using this process on objects from an untrusted source.

Topics:

• 00:00:00 – Introduction
• 00:02:19 – Python 3.11.0rc2 is now available
• 00:03:45 – HTML and CSS for Python Developers
• 00:08:34 – Evolution of Access Control Explained Through Python
• 00:17:14 – Sponsor: InfluxDB
• 00:18:03 – Dangerous Pickles
• 00:28:08 – Building Command Line Interfaces With argparse
• 00:34:27 – Video Course Spotlight
• 00:35:45 – PyPI.org is running a survey
• 00:49:01 – Visual Python Tkinter GUI Creator
• 00:50:33 – Python Data Visualization Cookbook
• 00:52:06 – django-functest: Helpers for Functional Tests in Django
• 00:57:55 – Thanks and goodbye

Show Links:

• Python Insider: Python 3.11.0rc2 is now available
• HTML and CSS for Python Developers – There’s no way around HTML and CSS when you want to build web apps. Even if you’re not aiming to become a web developer, knowing the basics of HTML and CSS will help you understand the Web better. In this tutorial, you’ll get an introduction to HTML and CSS for Python programmers.
• Evolution of Access Control Explained Through Python – Sometimes, writing code can help you explore and understand concepts. This article shows a history of access controls in software, using Python scripts to reimplement the ideas.
• Dangerous Pickles – A light introduction to the Python pickle protocol, the Pickle Machine, and the construction of malicious pickles. Learn why your code shouldn’t trust arbitrary serialized objects, and discover the dangers of pickle-bombs.
• Building Command Line Interfaces With argparse – In this step-by-step Python video course, you’ll learn how to take your command line Python scripts to the next level by adding a convenient command line interface that you can write with argparse.

Discussion:

• Python Packaging User Survey
• PyPI.org is running a survey on the state of Python packaging | Hacker News

Projects:

• Visual Python Tkinter GUI Creator - Chinese
• Python Data Visualization Cookbook
• django-functest: Helpers for Functional Tests in Django

Additional Links:

• Axess Lab | Alt-texts: The Ultimate Guide
• The Python pickle Module: How to Persist Objects in Python – Real Python
• Understanding pickle in Python | #hsfzxjy#
• The ultimate guide to Python pickle | Snyk
• Pickle’s nine flaws | Ned Batchelder
• pickle — Python object serialization — Python 3.10.7 documentation
• pickletools — Tools for pickle developers — Python 3.10.7 documentation
• argparse — Parser for command-line option | Python 3.10.7 documentation
• Have been testing @pyscript_dev these past few days and finally made something cool. I built an interactive data viz cookbook | Dylan Castillo - Twitter

Support the podcast & join our community of Pythonistas