marshal vs pickle

Paul Rubin
Thu Nov 1 00:04:20 EDT 2007


Raymond Hettinger <python at rcn.com> writes:
> ''' This is not a general "persistence" module.  For general
> persistence and transfer of Python objects through RPC calls, see
> the modules :mod:`pickle` and :mod:`shelve`. 

That advice should be removed since Python currently does not have a
general persistence or transfer module in its stdlib.  There's been an
open bug/RFE about it for something like 5 years.  The issue is that
any sensible general purpose RPC mechanism MUST make reasonable
security assertions that nothing bad happens if you deserialize
untrusted data.  The pickle module doesn't make such guarantees and in
fact its documentation explicitly warns against unpickling untrusted
data.  Therefore pickle should not be used as a general RPC
mechanism.
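
The warning above is easy to see in code. The following is an added example, not part of the original post or of the Python project's own code: it builds a pickle stream whose deserialisation calls a function the sender chose (here the harmless `os.getpid`; `os.system` would work the same way), shows that plain `pickle.loads()` runs it, and then applies the `find_class` allow-list recipe from the `pickle` documentation to refuse it. The class and function names (`Exploit`, `RestrictedUnpickler`, `SAFE_BUILTINS`) are this example's own choices.

```python
import builtins
import io
import os
import pickle


# Constructed hostile object. pickle does not store the class at all; it
# stores what __reduce__ returns, i.e. "call os.getpid with no arguments",
# and the receiver's pickle.loads() performs that call. Any importable
# callable can be named here; getpid is used only so the demo is harmless.
class Exploit:
    def __reduce__(self):
        return (os.getpid, ())


def build_payload() -> bytes:
    """Serialise the hostile object exactly as an attacker would ship it."""
    return pickle.dumps(Exploit())


def unpickle_untrusted(data: bytes):
    """What an RPC server that trusts its peer does: plain pickle.loads()."""
    return pickle.loads(data)


# Hardened side. find_class() is the hook pickle uses to resolve every global
# reference in the stream; refusing everything outside a small allow-list
# means the attacker's callable is never even looked up.
SAFE_BUILTINS = {"range", "complex", "set", "frozenset", "slice"}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Return (payload ran under plain loads, payload blocked, benign data ok)."""
    payload = build_payload()
    # The "object" that comes back is the return value of os.getpid(), which
    # proves the call embedded in the stream was executed.
    ran = unpickle_untrusted(payload) == os.getpid()
    try:
        restricted_loads(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Plain containers and scalars never go through find_class, so they are
    # still accepted by the restricted unpickler.
    benign = restricted_loads(pickle.dumps({"a": [1, 2.5, "x"], "b": (None, True)}))
    return ran, blocked, benign


if __name__ == "__main__":
    ran, blocked, benign = demo()
    print("plain loads executed os.getpid():", ran)
    print("restricted loads refused the payload:", blocked)
    print("restricted loads still handles plain data:", benign)
```

Note that the allow-list approach only narrows the attack surface; it does not turn pickle into a safe wire format, because every callable you admit becomes reachable from the stream. For data that crosses a trust boundary, a format that cannot name callables at all (JSON, for instance) avoids the problem rather than managing it.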



More information about the Python-list mailing list