Pickle (Python)
In the computer programming language Python, pickle is the standard mechanism for object serialization; pickling is the common term among Python programmers for serialization (unpickling for deserializing). Pickle uses a simple stack-based virtual machine: the serialized data records the instructions used to reconstruct the object. This exposes pickle to malformed or maliciously constructed data, which may cause the deserializer to import arbitrary modules and instantiate any object. Also, not all objects can be pickled, especially ones that hold operating system resources like file handles.
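
The risk described above, as an added example that is not part of the original article: it lists a pickle's import and call opcodes with `pickletools` without executing the stream, then loads it through an `Unpickler` subclass whose `find_class` permits only allow-listed globals. It is written for Python 3; the `ALLOWED` set, the `Probe` class and the sample data are constructed for illustration.

```python
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call/instantiate something.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
             "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}

def risky_opcodes(data):
    """List the import/call opcodes in a pickle stream without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPS]

# Hypothetical allow-list: the only globals this application expects to see.
ALLOWED = {("collections", "OrderedDict")}

class AllowListUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Invoked for every global the stream references; refuse the rest.
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data):
    """Unpickle bytes, rejecting any global outside ALLOWED."""
    return AllowListUnpickler(io.BytesIO(data)).load()

class Probe:
    """Constructed sample: asks pickle to rebuild it by calling len("abc")."""
    def __reduce__(self):
        return (len, ("abc",))

# Constructed inputs; protocol pinned so the opcode names are stable.
PLAIN = pickle.dumps({"user": "alice", "roles": ["admin"]}, protocol=4)
PROBE = pickle.dumps(Probe(), protocol=4)

if __name__ == "__main__":
    print("plain data :", risky_opcodes(PLAIN))
    print("probe      :", risky_opcodes(PROBE))
    # The stock loader runs the callable named in the stream.
    print("pickle.loads(PROBE) ->", pickle.loads(PROBE))
    try:
        safe_loads(PROBE)
    except pickle.UnpicklingError as exc:
        print("safe_loads(PROBE)   ->", exc)
    print("safe_loads(PLAIN)   ->", safe_loads(PLAIN))
```

Opcode inspection is a triage aid; the allow-list in `find_class` is what enforces the restriction at load time.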
Pickle was originally implemented as the pure Python pickle module, but the cPickle module (also a built-in) offers improved performance (up to 1000 times faster). There is another Python module, called Cerealizer, that allows objects to be saved in a file. Its interface is similar to Pickle; however, Cerealizer is safe.