[Python-ideas] Adding a safe alternative to pickle in the standard library

[Andrew Barnert]

How often have you needed either cyclic references or the ability to dynamically store arbitrary classes in something like a cookie or a cache file?

It seems to me that when you're trying to do something that would be difficult to do with json (with the new helpers proposed by someone earlier in the thread), you're usually doing something too dangerous to store in a cookie anyway. If someone can construct instances of arbitrary classes, they can run code. If they can't, why did you need pickle?

I realize the overlap is just small, not zero. But I think catering to it could be an attractive nuisance that would lead to more unsafe code rather than less.

It's always easier to preserve safety while adding features to something simple, than to add safety while restricting features in something powerful.

Sorry for the top post.

Sent from a random iPhone

On Feb 21, 2013, at 9:18, Devin Jeanpierre <jeanpierreda at gmail.com> wrote:

> On Thu, Feb 21, 2013 at 10:50 AM, Dustin J. Mitchell <dustin at v.igoro.us> wrote:
>> When you put something in the stdlib and call it "safe", even with caveats,
>> people will make even more brazen mistakes than with a documented-unsafe
>> tool like pickle.
> 
> Then how do we improve on the status quo? The best situation can't
> possibly be one in which the standard serialization tool allows for
> code injection exploits out of the box, by default, and where there is
> no reasonable alternative in the stdlib without such problems.
> 
> To my ears, this objection is like objecting to the inclusion of
> raw_input. Surely people will make even more brazen mistakes with a
> so-called "safe" input method like raw_input, than with a
> documented-unsafe tool like input()?
> 
> -- Devin
> _______________________________________________
> Python-ideas mailing list
> Python-ideas at python.org
> http://mail.python.org/mailman/listinfo/python-ideas