Re: Marshal vs pickle...

2009-04-25 Thread Lawson English
Lawson English wrote: Marshalling is only briefly mentioned in most python books I have, and "pickling" is declared the preferred method for serialization. I read somewhere that Marshalling is version-dependent while pickling is not, but can't find that reference. OTOH, pickling can lead to l

Re: Marshal vs pickle...

2009-04-25 Thread Erik Max Francis
Lawson English wrote: Marshalling is only briefly mentioned in most python books I have, and "pickling" is declared the preferred method for serialization. I read somewhere that Marshalling is version-dependent while pickling is not, but can't find that reference. OTOH, pickling can lead to lo

Re: Marshal vs pickle...

2009-04-25 Thread Benjamin Peterson
Lawson English writes: > > Marshalling is only briefly mentioned in most python books I have, and > "pickling" is declared the preferred method for serialization. > > I read somewhere that Marshalling is version-dependent while pickling is > not, but can't find that reference. OTOH,

Re: Marshal vs pickle...

2009-04-25 Thread Paul Rubin
Lawson English writes: > I read somewhere that Marshalling is version-dependent while pickling > is not, but can't find that reference. It is in the python library docs for the marshal module. -- http://mail.python.org/mailman/listinfo/python-list

Re: Marshal vs pickle...

2009-04-25 Thread Pascal Chambon
Hello I've never run into a discussion on pickle vs marshal, but clearly if the point is to exchange data between different clients, or to store it, pickle is the preferred solution, as marshal is really too low level and its format too unstable. Indeed, the problem of pickle is that at the co

Marshal vs pickle...

2009-04-25 Thread Lawson English
Marshalling is only briefly mentioned in most python books I have, and "pickling" is declared the preferred method for serialization. I read somewhere that Marshalling is version-dependent while pickling is not, but can't find that reference. OTOH, pickling can lead to loading of malicious cod

Re: marshal vs pickle

2007-11-02 Thread Aaron Watters
On Nov 1, 10:12 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > On Oct 31, 6:10 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > > Alright already. Here is the patched file you want > > http://nucular.sourceforge.net/kisstree_pickle.py This file has been removed. After consideration, I don't wa

Re: marshal vs pickle

2007-11-02 Thread Aaron Watters
On Nov 1, 11:42 pm, Paul Rubin wrote: > Aaron Watters <[EMAIL PROTECTED]> writes: > > > >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\') > > > Segmentation fault > > >... > > I'll grant you the above as a denial of service attack. ... > > Can you give me

Re: marshal vs pickle

2007-11-01 Thread Paul Rubin
Aaron Watters <[EMAIL PROTECTED]> writes: > > >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\') > > Segmentation fault > >... > I'll grant you the above as a denial of service attack. ... > Can you give me an example > where someone can erase the filesystem using marshal.load? Y

Re: marshal vs pickle

2007-11-01 Thread Jean-Paul Calderone
On Thu, 01 Nov 2007 21:15:06 -, Aaron Watters <[EMAIL PROTECTED]> wrote: >On Nov 1, 4:59 pm, Jean-Paul Calderone <[EMAIL PROTECTED]> wrote: >> On Thu, 01 Nov 2007 20:35:15 -, Aaron Watters <[EMAIL PROTECTED]> wrote: >> >On Nov 1, 2:15 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: >> >> O

Re: marshal vs pickle

2007-11-01 Thread Aaron Watters
On Nov 1, 4:59 pm, Jean-Paul Calderone <[EMAIL PROTECTED]> wrote: > On Thu, 01 Nov 2007 20:35:15 -, Aaron Watters <[EMAIL PROTECTED]> wrote: > >On Nov 1, 2:15 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > >> On Nov 1, 4:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > > >> > Marshal is mo

Re: marshal vs pickle

2007-11-01 Thread Jean-Paul Calderone
On Thu, 01 Nov 2007 20:35:15 -, Aaron Watters <[EMAIL PROTECTED]> wrote: >On Nov 1, 2:15 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: >> On Nov 1, 4:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: >> >> > Marshal is more secure than pickle >> >> "More" or "less" make little sense in a secur

Re: marshal vs pickle

2007-11-01 Thread Aaron Watters
On Nov 1, 2:15 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > On Nov 1, 4:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > > > Marshal is more secure than pickle > > "More" or "less" make little sense in a security context which > typically is an all or nothing affair. Neither module is desig

Re: marshal vs pickle

2007-11-01 Thread Raymond Hettinger
On Nov 1, 4:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > Marshal is more secure than pickle "More" or "less" make little sense in a security context which typically is an all or nothing affair. Neither module is designed for security. From the docs for marshal: ''' Warning: The marshal mod

Re: marshal vs pickle

2007-11-01 Thread Aaron Watters
On Oct 31, 6:10 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > On Oct 31, 12:27 pm, Aaron Watters <[EMAIL PROTECTED]> wrote: > > Makes more sense to use cPickle and be done with it. > > FWIW, I've updated the docs to be absolutely clear on the subject: > > ''' > This is not a general "persisten

Re: marshal vs pickle

2007-11-01 Thread Aaron Watters
On Nov 1, 12:04 am, Paul Rubin wrote: > Raymond Hettinger <[EMAIL PROTECTED]> writes: > > ''' This is not a general "persistence" module. For general > > persistence and transfer of Python objects through RPC calls, see > > the modules :mod:`pickle` and :mod:`shelve`. >

Re: marshal vs pickle

2007-10-31 Thread Paul Rubin
Raymond Hettinger <[EMAIL PROTECTED]> writes: > ''' This is not a general "persistence" module. For general > persistence and transfer of Python objects through RPC calls, see > the modules :mod:`pickle` and :mod:`shelve`. That advice should be removed since Python currently does not have a gene

Re: marshal vs pickle

2007-10-31 Thread Gabriel Genellina
On Wed, 31 Oct 2007 19:10:48 -0300, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > FWIW, I've updated the docs to be absolutely clear on the subject: As you are into it, the list of supported types should be updated too: > The following types are supported: ``None``, integers, > long > inte

Re: marshal vs pickle

2007-10-31 Thread Raymond Hettinger
On Oct 31, 12:27 pm, Aaron Watters <[EMAIL PROTECTED]> wrote: > Anyway since it's easy and makes sense I think > the next version of nucular will have a > switchable option between marshal and cPickle > for persistent storage. Makes more sense to use cPickle and be done with it. FWIW, I've update

Re: marshal vs pickle

2007-10-31 Thread Aaron Watters
On Oct 31, 1:37 pm, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > On Oct 31, 6:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > > > I like to use > > marshal a lot because it's the absolutely fastest > > way to store and load data to/from Python > > I believe this FUD is somewhat out-of-date

Re: marshal vs pickle

2007-10-31 Thread Raymond Hettinger
On Oct 31, 6:45 am, Aaron Watters <[EMAIL PROTECTED]> wrote: > I like to use > marshal a lot because it's the absolutely fastest > way to store and load data to/from Python. Furthermore > because marshal is "stupid" the programmer has complete > control. A lot of the overhead you get with the > p

Re: marshal vs pickle

2007-10-31 Thread Aaron Watters
On Oct 31, 3:31 am, "Evan Klitzke" <[EMAIL PROTECTED]> wrote: > Can anyone elaborate more on the difference between marshal and > pickle. In what conditions would using marshal be unsafe? If one can > guarantee that the marshalled objects would be created and read by the > same version of Python, i

Re: marshal vs pickle

2007-10-31 Thread Bjoern Schliessmann
Evan Klitzke wrote: > Can anyone elaborate more on the difference between marshal and > pickle. In what conditions would using marshal be unsafe? If one > can guarantee that the marshalled objects would be created and > read by the same version of Python, is that enough? Just use pickle. From the

marshal vs pickle

2007-10-30 Thread Evan Klitzke
The documentation for marshal makes it clear that there are no guarantees about being able to correctly deserialize marshalled data structures across Python releases. It also implies that marshal is not a general "persistence" module. On the other hand, the documentation seems to imply that marshal