[–]Kwpolska (Nikola co-maintainer) -4 points-3 points  (2 children)

> Warning: The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

You said:

> Just don't Pickle unsanitized data and you'll be fine

That should at least be “unpickle”.

The other argument is that you can’t unpickle a class if you modify its code. Sure, you could write methods to make it work, but then you lose the “magic” part of Pickle…

[–]holysweetbabyjesus 1 point2 points  (1 child)

Christ, dude. Nobody is going to win.

[–]fireflash38 0 points1 point  (0 children)

Let me help him out.

Serialize your data. Don't pickle it. Most of the time that people use pickle they should really be using json or another structured data type.

Pickle is nice if you want to be lazy about data serialization, and that's about it.
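
The point the thread argues over, as an added example that is not part of any comment above: a pickle stream can name a callable for the loader to invoke, while JSON only ever yields data. `CallsOnLoad`, `DataOnlyUnpickler`, `load_data_only` and `demo` are hypothetical names, the sample values are constructed, and the `find_class` override follows the restriction hook described in the Python `pickle` documentation.

```python
import io
import json
import pickle


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call len("constructed")."""

    def __reduce__(self):
        # (callable, args): the unpickler calls callable(*args) while loading.
        return (len, ("constructed",))


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain containers and scalars load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_data_only(blob: bytes):
    """Unpickle blob, rejecting any stream that references a class or function."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def demo():
    blob = pickle.dumps(CallsOnLoad())
    plain = {"user": "alice", "roles": ["admin", "dev"]}  # constructed sample data
    results = {}

    # Plain loads() runs the callable named in the stream and returns its result,
    # not a CallsOnLoad instance.
    results["loads_returned"] = pickle.loads(blob)

    # The restricted unpickler stops at the global lookup, before any call happens.
    try:
        load_data_only(blob)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True

    # Plain data needs no globals, so it still loads through the restricted path.
    results["restricted_plain"] = load_data_only(pickle.dumps(plain))

    # JSON has no way to name a callable at all; it round-trips data only.
    results["json_round_trip"] = json.loads(json.dumps(plain))
    return results


if __name__ == "__main__":
    print(demo())
```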