Geek Answers Handbook

Brine: Not safe or fast?

I work on some meager lectures ( http://scipy-lectures.imtqy.com/intro/language/standard_library.html#pickle-easy-persistence ), and I came across this statement about Pickle:

Useful to store arbitrary objects to a file. Not safe or fast!

What do they mean by that? Insecure (according to Pickle docs), as is the case with UnPickle files from an unknown origin or insecure, since the source object is not always extracted from you?

What is the alternative for something safer and faster? I know cPickle is faster, but I donโ€™t think it solves the above definition of a safer one.

Thanks.

+7
python pickle
source share
2 answers

The use of brine in production code is design weak. Arbitrary code can be executed while unpickling. You can safely print only data from reliable sources. Never print data from an untrusted or unauthenticated source.

See here for real sample applications.

As for the faster alternative , the marshal , python internal serialization library. But unlike pickle (or cPickle, which is just an implementation of C), it is less stable (see docs ), and its conclusion is architecture and os independentend, depending on the version of python. This is a Windows platform-oriented object, with the guarantee that python 2.7.5 will be integral to OS X or Ubuntu with python 2.7.5 installed, but cannot be guaranteed to be simplified with python 2.6 on Windows.

Even faster , safer in design, but a less functional alternative to JSON serialization.

+7
source share

The original Pickle module is almost never used.

If you need to do this quickly, use cPickle.

If you need a secure one, try sPickle .

0
source share

More articles:


All Articles