JSON vs. Pickle security

python json pickle

json is more secure because it's fundamentally more limited. The only python types that a json document can encode are unicode, int, float, NoneType, bool, list and dict. these are marshaled/unmarshalled in a basically trivial fashion that isn't vulnerable to code injection attacks.

python json pickle

Pickle's problem is that it will can invoke arbitrary Python code. See http://nadiana.com/python-pickle-insecure for details. The JSON parser only has to create strings, numbers, lists, dicts, and so on. It never creates user-defined classes, so it doesn't need to execute arbitrary Python.

CodeHunter

JSON vs. Pickle security

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last