Marshal vs pickle...

Pascal Chambon chambon.pascal at wanadoo.fr
Sat Apr 25 22:03:58 CEST 2009


Hello

I've never run into a discussion on pickle vs marshal, but clearly if 
the point is to exchange data between different clients, or to store it, 
pickle is the preferred solution, as masrhal is really too low level and 
its format too unstable.
Indeed, the problem of pickle is that at the contrary, it transmits too 
much information, including executable code, etc, so it's a security risk.

If you only need to transmit data, like objects (without their methods), 
arrays, dicts etc. over networks or time, I'd advise a dedicated 
solution like json or xml, for which python as easy serializers.

Regards,
Pascal



Lawson English a écrit :
>
> Marshalling is only briefly mentioned in most python books I have, and 
> "pickling" is declared teh preferred method for serialization.
>
> I read somewhere that Marshalling is version-dependent while pickling 
> is not, but can't find that reference. OTOH, pickling can lead to 
> loading of malicious code (I understand) while marshalling only 
> handles basic Python types?
>
>
> Could anyone point me to a reasonable discussion of the pros and cons 
> of each method for serialization?
>
>
> Thanks.
>
>
> Lawson
> -- 
> http://mail.python.org/mailman/listinfo/python-list
>
>





More information about the Python-list mailing list