I'm working on a game project; more specifically, right now I'm working on
saving and loading the game. As a result, I need to serialize the game
state to a file, and deserialize it later.
To pre-empt some responses, I spent a lot of time thinking about this
before starting, and came to the conclusion that pickle and other similar
automatic [de]serialization libraries were not suitable for this problem.
The sticking point is that these libraries invariably let you put code into
the serialized object, which code is then executed when you deserialize it.
As a result, if you have the deserialization routine in your code, then you
have a security breach. I would rather my users be able to distribute
savefiles without worrying that one of them has been sabotaged to do
something malicious.
Instead, I'm manually serializing to JSON, and manually deserializing. It's
actually working decently well so far. I've hit one minor sticking point
though: numpy array serialization. Of course I'm aware of numpy.tostring(),
but that doesn't preserve type information. And I don't know of a good way
to serialize the type and then deserialize it later.
In other words, basically I want some way to do this:
    def serializeArray(data):
        type = convert data.dtype to a string?
        dataStr = data.tostring()
        return "%s:%s" % (type, dataStr)
and then later
    def deserializeArray(dataString):
        type, dataStr = dataString.split(':')
        somehow convert type to a numpy.dtype object?
        return numpy.fromstring(dataStr, dtype = type)
How do I do this? I assume it must be possible. I can hack around it by
only supporting a limited number of types that I manually convert to/from
strings (e.g. if dtype is float64, then I store "float64" as the type
string), but that makes the code ugly.
Any advice would be appreciated.
-Chris
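
Added example (not part of the original post): one way to round-trip a numpy array through JSON without pickle, storing dtype.str, the shape and the base64-encoded bytes, and validating each field when loading an untrusted savefile. The function names, the dtype allow-list pattern and the MAX_BYTES limit are assumptions of this example.

```python
import base64
import json
import re

import numpy as np

# Assumptions of this example: only plain bool/int/uint/float dtypes are
# accepted. Object dtypes are excluded because restoring them needs pickle.
DTYPE_RE = re.compile(r"[<>|][biuf][1248]")   # matches dtype.str, e.g. '<f8'
MAX_BYTES = 16 * 1024 * 1024                  # assumed limit for one array


def _checked_dtype(name):
    """Turn an allow-listed dtype string into a numpy.dtype, else raise."""
    if not isinstance(name, str) or not DTYPE_RE.fullmatch(name):
        raise ValueError("dtype not allowed: %r" % (name,))
    return np.dtype(name)


def serialize_array(arr):
    """Return a JSON string holding the dtype, shape and raw bytes of arr."""
    arr = np.ascontiguousarray(arr)
    _checked_dtype(arr.dtype.str)             # refuse to write what we won't read
    return json.dumps({
        "dtype": arr.dtype.str,               # byte order, kind and item size
        "shape": list(arr.shape),
        "data": base64.b64encode(arr.tobytes()).decode("ascii"),
    })


def deserialize_array(text):
    """Rebuild an array from untrusted text, checking every field first."""
    obj = json.loads(text)
    dtype = _checked_dtype(obj["dtype"])
    shape = tuple(obj["shape"])
    if not all(isinstance(n, int) and n >= 0 for n in shape):
        raise ValueError("bad shape")
    raw = base64.b64decode(obj["data"], validate=True)
    expected = dtype.itemsize
    for n in shape:
        expected *= n
    if len(raw) > MAX_BYTES or len(raw) != expected:
        raise ValueError("data length does not match dtype and shape")
    # frombuffer returns a read-only view of raw; copy() makes it writable.
    return np.frombuffer(raw, dtype=dtype).reshape(shape).copy()
```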