Marshal vs pickle...
Benjamin Peterson
benjamin at python.org
Sat Apr 25 16:58:27 EDT 2009
Lawson English <lenglish5 <at> cox.net> writes:
>
> Marshalling is only briefly mentioned in most python books I have, and
> "pickling" is declared teh preferred method for serialization.
>
> I read somewhere that Marshalling is version-dependent while pickling is
> not, but can't find that reference. OTOH, pickling can lead to loading
> of malicious code (I understand) while marshalling only handles basic
> Python types?
marshal isn't any more secure than pickle is.
>
> Could anyone point me to a reasonable discussion of the pros and cons of
> each method for serialization?
The Python developers can change the marshal format at will, so the only reason
I can think of you should use marshal is for serializing and unserializing data
during the runtime of your program.
More information about the Python-list
mailing list