On Nov 1, 4:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > Marshal is more secure than pickle
"More" or "less" make little sense in a security context which typically is an all or nothing affair. Neither module is designed for security. From the docs for marshal: ''' Warning: The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source. ''' If security is a focus, then use xmlrpc or some other tool that doesn't construct arbitrary code objects. I don't think you are doing the OP any favors by giving advice in contravention of the docs and against the intended purpose of the two modules. Bjoern's post covered the topic succinctly and accurately. Raymond -- http://mail.python.org/mailman/listinfo/python-list
