[Python-ideas] Adding a safe alternative to pickle in the standard library

Andrew Barnert abarnert at yahoo.com
Fri Feb 22 18:41:02 CET 2013


On Feb 22, 2013, at 5:26, Devin Jeanpierre <jeanpierreda at gmail.com> wrote:

>> Well, we've already gone as far as json, which is pretty powerful (but
>> still subject to attacks using "relatively secure" json to transport
>> "insecure" data!)
> 
> Of course a serialization library can't protect against
> eval(deserialize(foo)) running arbitrary code. That doesn't mean we
> shouldn't bother with security.

The difference is that json.loads is just deserialize(foo), while pickle.loads inherently has some eval mixed in.

That's why I think for most use cases, the answer is making json easier to extend, not making pickle easier to secure.

The biggest problem people have with the json library isn't that you have to do the extending explicitly and externally, but that it's a huge pain to do so. There was a suggestion earlier in this thread (I forget the author) that would go a long way toward relieving that pain.

Some people also want it to be implicitly extensible, to have some way to create an instance of a new empty class named Foo with given attributes (but not an existing builtin or user-defined class named Foo). I'm not sure what their use case is, and I'm not sure it's a good idea--but if it is, there was also a suggestion for that.
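
The contrast drawn in this message, as an added example that is not part of the original post or of the standard library: explicit, external json extension through an allowlist, next to an Unpickler that refuses every global and records what the stream asked to import. `REGISTRY`, the `__type__` tag, `RecordingUnpickler` and `globals_requested` are hypothetical names chosen for illustration.

```python
import io
import json
import pickle
from datetime import date
from fractions import Fraction

# Hypothetical allowlist: tag -> (type, encode, decode). Nothing else is rebuilt.
REGISTRY = {
    "date": (date, date.isoformat, date.fromisoformat),
    "fraction": (Fraction, lambda f: [f.numerator, f.denominator],
                 lambda v: Fraction(int(v[0]), int(v[1]))),
}

def _default(obj):
    for tag, (cls, enc, _dec) in REGISTRY.items():
        if type(obj) is cls:
            return {"__type__": tag, "value": enc(obj)}
    raise TypeError(f"not serializable: {type(obj).__name__}")

def _object_hook(d):
    if "__type__" not in d:
        return d
    tag = d["__type__"]
    known = isinstance(tag, str) and tag in REGISTRY
    if not known or set(d) != {"__type__", "value"}:
        raise ValueError(f"unregistered or malformed tag: {tag!r}")
    return REGISTRY[tag][2](d["value"])

def dumps(obj):
    return json.dumps(obj, default=_default)

def loads(text):
    return json.loads(text, object_hook=_object_hook)

class RecordingUnpickler(pickle.Unpickler):
    """Refuses every global and records what the stream asked to import."""
    def __init__(self, data):
        super().__init__(io.BytesIO(data))
        self.requested = []
    def find_class(self, module, name):
        self.requested.append((module, name))
        raise pickle.UnpicklingError(f"refused global {module}.{name}")

def globals_requested(data):
    up = RecordingUnpickler(data)
    try:
        up.load()
    except pickle.UnpicklingError:
        pass
    return up.requested
```

With json the set of reconstructible types is whatever the receiver registered; with pickle the stream itself names the module and attribute to import, which `globals_requested` surfaces without importing anything.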

