Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #90163

Re: To pickle or not to pickle

References <87h9rnz8yy.fsf@Equus.decebal.nl> <554c95df$0$12988$c3e8da3$5496439d@news.astraweb.com> <878uczz3ks.fsf@Equus.decebal.nl>
Date 2015-05-08 22:53 +1000
Subject Re: To pickle or not to pickle
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.246.1431089615.12865.python-list@python.org> (permalink)

Show all headers | View raw

On Fri, May 8, 2015 at 9:55 PM, Cecil Westerhof <Cecil@decebal.nl> wrote:
> Op Friday 8 May 2015 12:54 CEST schreef Steven D'Aprano:
>
>> If your code is only going to be used by yourself, I'd just use
>> pickle. If you are creating an application for others to use, I
>> would spend the extra effort to build in support for at least
>> pickle, JSON and plists, and let the user decide what they prefer.
>
> Well, I put it on GitHub, so I hope it is going to be used by others
> also. ;-) There are other things that are more urgent at the moment,
> but in the future I will implement JSON and plists then.

But will the pickle files be shared? If not, they're still nice and
private, and fairly safe. The problem comes when, for instance, you
have a client Python program that pickles data and sends it over a
network to a server Python program to be unpickled, because then
someone could craft a malicious pickle and send it to you to eat. If
they're only ever saved locally and re-read, there shouldn't be any
security risk (anyone who could reach in and edit the pickle file
could probably reach in and change the code anyway).

That said, if your needs are sufficiently simple, it may be worth
using something plain text just for the debuggability.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

To pickle or not to pickle Cecil Westerhof <Cecil@decebal.nl> - 2015-05-08 11:58 +0200
  Re: To pickle or not to pickle Peter Otten <__peter__@web.de> - 2015-05-08 12:32 +0200
    Re: To pickle or not to pickle Cecil Westerhof <Cecil@decebal.nl> - 2015-05-08 13:51 +0200
    Re: To pickle or not to pickle Irmen de Jong <irmen.NOSPAM@xs4all.nl> - 2015-05-08 19:11 +0200
  Re: To pickle or not to pickle Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-05-08 20:54 +1000
    Re: To pickle or not to pickle Cecil Westerhof <Cecil@decebal.nl> - 2015-05-08 13:55 +0200
      Re: To pickle or not to pickle Chris Angelico <rosuav@gmail.com> - 2015-05-08 22:53 +1000
        Re: To pickle or not to pickle Cecil Westerhof <Cecil@decebal.nl> - 2015-05-08 16:34 +0200
          Re: To pickle or not to pickle Chris Angelico <rosuav@gmail.com> - 2015-05-09 01:11 +1000
            Re: To pickle or not to pickle Cecil Westerhof <Cecil@decebal.nl> - 2015-05-08 18:43 +0200
  Re: To pickle or not to pickle Cem Karan <cfkaran2@gmail.com> - 2015-05-08 06:27 -0400

csiph-web