I recently came across the security problems of the Python pickle and cPickle modules.
Obviously, there are no real security measures implemented in pickle unless you overwrite
the find_class method as a basic modification to get a bit more security. But I often
heard that JSON is more secure.
Can anyone elaborate a bit on this? Why is JSON more secure than pickle?
Thanks a lot!
Mark
JSON is more secure because it’s fundamentally more limited. The only Python types that a JSON document can encode are
unicode, int, float, NoneType, bool, list and dict. These are marshaled/unmarshalled in a basically trivial fashion that isn’t vulnerable to code injection attacks.
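
The difference described above, as an added example that is not part of the original thread (Python 3, where `str` takes the place of `unicode`): a pickle stream can name a callable for the loader to invoke, a `find_class` override refuses that, and `json.loads` only ever yields the basic types. The class and function names here are hypothetical, and the sample inputs are constructed.

```python
import io
import json
import os
import pickle


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call os.getcwd()."""

    def __reduce__(self):
        # The stream stores "call this global with these args", not object state.
        return (os.getcwd, ())


class NoGlobalsUnpickler(pickle.Unpickler):
    """Restricted loader using the find_class override the question mentions."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def json_types(value) -> set:
    """Collect the names of every Python type found in a decoded JSON value."""
    found = {type(value).__name__}
    if isinstance(value, dict):
        for key, item in value.items():
            found |= {type(key).__name__} | json_types(item)
    elif isinstance(value, list):
        for item in value:
            found |= json_types(item)
    return found


def demo():
    blob = pickle.dumps(CallsOnLoad())
    loaded = pickle.loads(blob)  # os.getcwd() runs during the load itself
    try:
        restricted_loads(blob)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Constructed JSON document: "os.getcwd" stays an inert string.
    doc = '{"callable": "os.getcwd", "n": 1, "f": 1.5, "ok": true, "x": null, "l": []}'
    return loaded, blocked, json_types(json.loads(doc))
```

Plain containers and scalars still load through `restricted_loads`, because they never reach `find_class`.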