To pickle or not to pickle
Cecil Westerhof
Cecil at decebal.nl
Fri May 8 10:34:58 EDT 2015
Op Friday 8 May 2015 14:53 CEST schreef Chris Angelico:
> On Fri, May 8, 2015 at 9:55 PM, Cecil Westerhof <Cecil at decebal.nl> wrote:
>> Op Friday 8 May 2015 12:54 CEST schreef Steven D'Aprano:
>>
>>> If your code is only going to be used by yourself, I'd just use
>>> pickle. If you are creating an application for others to use, I
>>> would spend the extra effort to build in support for at least
>>> pickle, JSON and plists, and let the user decide what they prefer.
>>
>> Well, I put it on GitHub, so I hope it is going to be used by
>> others also. ;-) There are other things that are more urgent at the
>> moment, but in the future I will implement JSON and plists then.
>
> But will the pickle files be shared? If not, they're still nice and
> private, and fairly safe. The problem comes when, for instance, you
> have a client Python program that pickles data and sends it over a
> network to a server Python program to be unpickled, because then
> someone could craft a malicious pickle and send it to you to eat. If
> they're only ever saved locally and re-read, there shouldn't be any
> security risk (anyone who could reach in and edit the pickle file
> could probably reach in and change the code anyway).
I would expect not. But I never know what someone else is going to do.
;-)
But in my case there is a Twitter directory with:
quotes.txt
quotes.pickle
tips.txt
tips.pickle
All four files are normally only accessed by the Python program. When
I want to extend the messages I use a text editor to append them.
The .txt files contain messages that can be used. And the .pickle
files contain the ‘recently’ used messages.
When I unpickle quotes.pickle I get:
[25, 112, 4, 18, 41, 2, 81, 75, 28, 60, 105, 47, 84, 65, 103, 42,
13, 66, 55, 124, 6, 82, 76, 12, 61, 113, 119, 96, 3, 68, 11, 89,
98, 107, 118, 29, 57, 33, 88, 121, 110, 49, 90, 72, 87, 114, 43,
59, 8, 92]
Very simple indeed.
--
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof
More information about the Python-list
mailing list