PyYaml?
Chris S.
chrisks at NOSPAM.udel.edu
Sat Sep 18 01:33:14 EDT 2004
Jeremy Bowers wrote:
> On Sat, 18 Sep 2004 04:20:14 +0000, Chris S. wrote:
>
>
>>Is there any benefit to Pickle over YAML? Given that Pickle is insecure,
>>wouldn't it make more sense to support a secure serialization format,
>>one that's even readable to boot, such as YAML?
>
>
> Anything that can "pickle" will be insecure. It is the capabilities of
> pickling, not the implementation, that is insecure.
I disagree. Pickle's mini programming language allows for arbitrary file
deletion. There's nothing in the concept of serialization that requires
this ability.
More information about the Python-list
mailing list