adalke at mindspring.com
Sun Sep 19 17:26:56 CEST 2004
Chris S. wrote:
> I agree completely, although I've been surprised by the general lack of
> interest around here. You'd think a more secure, portable, and readable
> serialization format would be welcomed with open arms, yet most of the
> comments I've read past and present have been almost hostile.
YAML and pickles address two different but related domains.
Pickle attempts to serialize and deserialize arbitrary
Python data structures. YAML serializes a subset of the
data structures that can be made portable, with it seems
some hooks for new datatypes.
Here's a test. Can you do the following in YAML and do
so securely? (Untested code.)
def __init__(self, filename, yes_really = False):
self.filename = filename
self.yes_really = yes_really
def __eq__(self, other):
return (self.filename == other.filename and
self.yes_really == other.yes_really)
def __del__(self, remove = os.remove):
# this works for pickle. Does it work for YAML?
x = DeleteFile("/path/to/important/file")
... store 'x' to YAML file ...
y = ... read from YAML file
assert x == y
# This is insecure in pickle. Would YAML be secure?
z = ... read artibtrary YAML file which may have a
DeleteFile where 'yes_really' is True ...
Or what about support for multiple inheritance?
def __init__(self, a, b):
self.a = a
self.b = b
print "The", self.a, "says", self.b
def __init__(self, x):
self.x = x
print self.x, "is spelled", "-".join(list(self.x))
class Child(Base1, Base2):
def __init___(self, a, b):
Base1.__init__(self, a, b)
self.z = datetime.datetime.now()
kid = Child("goat", "baaaaa")
... save 'kid' to YAML ...
animal = ... read that YAML file ...
In either case, how in the world is it portable?
dalke at dalkescientific.com
More information about the Python-list