marshal vs pickle
Paul Rubin
Thu Nov 1 00:04:20 EDT 2007
Raymond Hettinger <python at rcn.com> writes:
> ''' This is not a general "persistence" module. For general
> persistence and transfer of Python objects through RPC calls, see
> the modules :mod:`pickle` and :mod:`shelve`.

That advice should be removed since Python currently does not have a
general persistence or transfer module in its stdlib. There's been an
open bug/RFE about it for something like 5 years. The issue is that
any sensible general purpose RPC mechanism MUST make reasonable
security assertions that nothing bad happens if you deserialize
untrusted data. The pickle module doesn't make such guarantees and in
fact its documentation explicitly warns against unpickling untrusted
data. Therefore pickle should not be used as a general RPC mechanism.
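As an added example that is not part of the original message: a pickle stream can name any importable object, which is why the stock loader offers no guarantee on untrusted input. The sketch below lists the globals a stream references without loading it, and loads through an `Unpickler` subclass whose `find_class` accepts only an allowlist. The allowlist contents and the sample payloads are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools

# Assumption for this example: the one class the application must rebuild.
ALLOWED_GLOBALS = frozenset({("collections", "OrderedDict")})

# Opcodes that push a text string; needed to resolve STACK_GLOBAL (protocol 4+).
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data):
    """Return the (module, name) pairs a pickle names, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name in _STRING_OPS:
            strings.append(arg)
        elif opcode.name == "STACK_GLOBAL":    # heuristic: last two strings pushed
            found.append(tuple(strings[-2:]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed samples (protocol 3 so global references appear as GLOBAL opcodes).
SAMPLE_DATA = pickle.dumps({"user": "alice", "ids": [1, 2, 3]}, protocol=3)
SAMPLE_GLOBAL = pickle.dumps(len, protocol=3)   # a bare reference to builtins.len

if __name__ == "__main__":
    for label, blob in (("data", SAMPLE_DATA), ("global", SAMPLE_GLOBAL)):
        print(label, "references", referenced_globals(blob))
        try:
            print("  loaded:", restricted_loads(blob))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```

Every entry placed on the allowlist must itself be safe to construct from attacker-chosen arguments; for plain data exchange, a data-only format such as JSON avoids the question entirely.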