Insecure Pickling

[Paul Rubin]

surferjeff at gmail.com (Jeff) writes:
> However, it is so insecure it can hardly ever be used.  How often can
> you truly trust the think you're unpickling?

If it's a pickle you created yourself and nobody else has had a chance
to tamper with, then it's presumably trustworthy.

> Has anyone seen a secure pickle alternative?

I think anything with the amount of flexibility that pickles have is
inherently insecure.  But there are certainly lots of serialization
formats with less flexibility and more security.