It is common knowledge that pickle is a serious security risk. And yet, vulnerabilities involving that serialisation format keep happening. In the article I briefly describe the issue and appeal to people to stop using pickle.
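To make the risk concrete, here is an added example (not code from the linked article): a pickle stream can carry a reference to any importable callable, and the plain `pickle.loads` will invoke it while deserialising. The demo object `CallsFunctionOnLoad` is constructed for this illustration and deliberately points at the harmless `os.getcwd` rather than anything destructive; the `RestrictedUnpickler` follows the allowlisting pattern shown in the Python `pickle` documentation, and `SAFE_BUILTINS` is an assumed allowlist you would tailor to your own data.

```python
import builtins
import io
import os
import pickle

# Assumed allowlist: the only globals a trusted-data stream should ever need.
SAFE_BUILTINS = frozenset(
    {"dict", "list", "set", "frozenset", "tuple", "str", "bytes", "int", "float", "bool"}
)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every GLOBAL reference outside SAFE_BUILTINS.

    This is the mitigation pattern from the Python pickle docs: find_class is
    consulted for each global the stream names, so rejecting there blocks the
    "call an arbitrary function on load" primitive.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Deserialise `data` while refusing non-allowlisted globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class CallsFunctionOnLoad:
    """Constructed demo object: __reduce__ instructs the unpickler to call a
    function (here the harmless os.getcwd) as part of reconstruction."""

    def __reduce__(self):
        return (os.getcwd, ())


def demo() -> dict:
    """Contrast plain pickle.loads with the restricted loader on two streams."""
    benign = pickle.dumps({"user": "alice", "roles": ["admin"]})  # constructed sample
    hostile = pickle.dumps(CallsFunctionOnLoad())  # constructed sample

    results = {}
    # Plain data containers need no globals, so the restricted loader accepts them.
    results["benign_ok"] = restricted_loads(benign) == {"user": "alice", "roles": ["admin"]}
    # The stock loader runs the referenced callable during deserialisation.
    results["plain_pickle_calls_function"] = pickle.loads(hostile) == os.getcwd()
    # The restricted loader rejects the stream before anything is called.
    try:
        restricted_loads(hostile)
        results["restricted_rejects"] = False
    except pickle.UnpicklingError:
        results["restricted_rejects"] = True
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAILED'}")
```

The allowlist approach only narrows the attack surface; it does not make pickle safe for data from untrusted sources, since any allowed class with side effects in its constructor or `__setstate__` is still reachable. For untrusted input the defensible choice remains a data-only format with an explicit schema.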
1 Comment

But pickle still has valid use cases, particularly for storing, caching, or comparing complex objects that formats like JSON or TOML can’t handle well. It ultimately comes down to choosing the right tool for the job, and treating JSON as a direct substitute for pickle is misleading.