On 05/16/2012 03:11 PM, Ian Kelly wrote:
> On Wed, May 16, 2012 at 3:52 PM, Charles Hixson
> <charleshi...@earthlink.net> wrote:
>> I want to persist simple dicts, but due to the security problems with
>> (un)pickle, I'd prefer to not use shelve, and the only way I could see to
>> persist them onto sqlite also invoked pickle.
>>
>> As (un)pickle allows arbitrary system commands to be issued, I'd really
>> rather just use a simple convert to and from either bytes or strings.  repr
>> works well for the conversion into string (I said they were simple), but I'd
>> really rather be able to turn "{'a': 'A', 1: 23, 2: ['b', 2]}" back into a
>> dict without allowing the execution of arbitrary commands.
>>
>> Any suggestions?
>
> Either json, or repr with ast.literal_eval will be safe.
>
> >>> import json
> >>> d = {'a': 'A', 1: 23, 2: ['b', 2]}
> >>> json.dumps(d)
> '{"a": "A", "1": 23, "2": ["b", 2]}'
> >>> json.loads(json.dumps(d))
> {'a': 'A', '1': 23, '2': ['b', 2]}
> >>> import ast
> >>> ast.literal_eval(repr(d))
> {'a': 'A', 1: 23, 2: ['b', 2]}
>
> Cheers,
> Ian

Thanks. It looks like either would do what I need. Any suggestion as to how to choose between them? E.g., is AST better supported? faster? (I'm tending towards AST purely because it seems more tied to Python, but of course that *could* be a disadvantage, if there were more external tools for working with json.)

--
Charles Hixson

--
http://mail.python.org/mailman/listinfo/python-list
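
Added example, not part of the original messages: one way to wrap the repr / ast.literal_eval round trip from the thread so that anything other than a plain literal dict is rejected, with the json round trip beside it to show the key-type difference. The names dump_dict, load_dict, json_roundtrip and the MAX_CHARS limit are assumptions made for this example.

```python
import ast
import json

# Assumed cap: literal_eval can exhaust memory or stack on huge or deeply nested input.
MAX_CHARS = 1_000_000


def dump_dict(d):
    """Serialize a simple dict with repr(), verifying it will load back unchanged."""
    text = repr(d)
    if load_dict(text) != d:
        raise ValueError("dict contains values that do not survive repr/literal_eval")
    return text


def load_dict(text):
    """Parse text written by dump_dict(); only Python literals are accepted."""
    if len(text) > MAX_CHARS:
        raise ValueError("input too large")
    try:
        value = ast.literal_eval(text)  # never calls functions or looks up names
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not a plain literal: {exc!r}") from None
    if not isinstance(value, dict):
        raise ValueError("top-level value is not a dict")
    return value


def json_roundtrip(d):
    """Same data through json, for comparison: non-string keys come back as str."""
    return json.loads(json.dumps(d))


if __name__ == "__main__":
    d = {'a': 'A', 1: 23, 2: ['b', 2]}      # the dict from the thread
    print(load_dict(dump_dict(d)) == d)      # int keys keep their type
    print(json_roundtrip(d))                 # keys 1 and 2 become '1' and '2'
    # Constructed inputs: a call expression, a non-dict literal, truncated text.
    for bad in ("{'a': __import__('os').getcwd()}", "[1, 2]", "{'a': "):
        try:
            load_dict(bad)
        except ValueError as exc:
            print("rejected:", exc)
```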
