Alternatives for pickle?

Antoon Pardon apardon at forel.vub.ac.be
Mon Oct 11 10:26:12 CEST 2004


I'm writing a little game, a gridler application, where you
can turn pixmaps into puzzles and try to solve them. I already
have the data structure for such a puzzle worked out, one of
the problems is writing it to a file and reading it back in.

I first went to the pickle module but there I read this.

| Warning: The pickle module is not intended to be secure against
| erroneous or maliciously constructed data. Never unpickle data
| received from an untrusted or unauthenticated source.

But since this is for a game and people should be able to
exchange puzzles, it seems a heavy requirement to ask of
the users to check a puzzle file for security hazards.


I also thought about writing out a string that, when read
back in and fed to eval would recreate the structure. But
that seems to be just as insecure if not more so.

So how do you serialize data in Python, when you want
a somewhat secure mechanism? Preferably where a user
can make a puzzle file by hand in a text editor.

-- 
Antoon Pardon
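
Added example, not part of the original post: one way to meet the requirement stated above (a puzzle file that can be written by hand and loaded from strangers) is a small line-based text format read by a strict parser that treats the file purely as data. The format ("gridler 1" header, a title line, rows of "#" and "."), the names load_puzzle and dump_puzzle, and the size limit are assumptions made for illustration.

```python
# Added example: the file layout below is an assumption, not the poster's format.
MAX_SIDE = 200  # constructed limit so a hostile file cannot exhaust memory

class PuzzleFormatError(ValueError):
    """Raised when a puzzle file violates the format."""

def load_puzzle(text):
    """Parse a hand-editable puzzle; returns (title, rows of booleans).

    The input is only ever treated as data: no eval, no pickle, no imports.
    """
    lines = [ln.rstrip() for ln in text.splitlines()]
    # Blank lines and lines starting with ';' are comments for human editors.
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if len(lines) < 3 or lines[0] != "gridler 1":
        raise PuzzleFormatError("missing 'gridler 1' header or grid")
    if not lines[1].startswith("title:"):
        raise PuzzleFormatError("second line must be 'title: ...'")
    title = lines[1][len("title:"):].strip()
    if len(title) > 80 or not title.isprintable():
        raise PuzzleFormatError("bad title")
    rows = lines[2:]
    width = len(rows[0])
    if len(rows) > MAX_SIDE or width > MAX_SIDE:
        raise PuzzleFormatError("grid too large")
    grid = []
    for n, row in enumerate(rows, start=1):
        if len(row) != width:
            raise PuzzleFormatError("row %d has wrong width" % n)
        if set(row) - {"#", "."}:
            raise PuzzleFormatError("row %d has illegal characters" % n)
        grid.append([ch == "#" for ch in row])
    return title, grid

def dump_puzzle(title, grid):
    """Inverse of load_puzzle: write the same text format back out."""
    body = ["".join("#" if cell else "." for cell in row) for row in grid]
    return "\n".join(["gridler 1", "title: " + title] + body) + "\n"

# Constructed sample inputs: a valid file, and one carrying an expression
# that eval() would have executed but this parser rejects as a bad row.
GOOD = "; a comment\ngridler 1\ntitle: Heart\n.#.#.\n#####\n.###.\n..#..\n"
HOSTILE = "gridler 1\ntitle: x\n__import__('os').getcwd()\n"
```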


