  • David Neufeld thinks this is interesting:

If you really want to store native Python objects, but you can’t trust the source of the data in the file, Python’s standard library pickle module is ideal


Cover of Learning Python, 5th Edition


Not true. Pickled data is vulnerable to code injection upon unpickling. This is a known Python security risk that is highlighted in the Python documentation for pickle.
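The behaviour the note describes, as an added example (not from the book or from the note): a constructed `Payload` class whose `__reduce__` names a callable, loaded once with plain `pickle.loads` and once through an allow-listing `Unpickler` that overrides `find_class`, the approach shown in the pickle documentation. `Payload`, `RestrictedUnpickler`, `restricted_loads` and `demo` are names made up for this example, and `os.getpid` is a harmless stand-in for the callable.

```python
import io
import os
import pickle


class Payload:
    """Constructed sample: __reduce__ names a callable for the unpickler to invoke."""

    def __reduce__(self):
        # Harmless stand-in; the unpickler calls whatever importable callable is named here.
        return (os.getpid, ())


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list of globals; everything else is refused before it can be called."""

    ALLOWED = {("builtins", "complex"), ("builtins", "range")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    blob = pickle.dumps(Payload())
    # Plain loads() runs os.getpid() and returns its result, not a Payload object.
    plain_ran_callable = pickle.loads(blob) == os.getpid()
    try:
        restricted_loads(blob)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Ordinary data, including allow-listed types, still round-trips.
    sample = {"n": [1, 2], "z": complex(1, 2), "r": range(3)}
    return plain_ran_callable, blocked, restricted_loads(pickle.dumps(sample)) == sample


if __name__ == "__main__":
    print(demo())
```

The pickle documentation also points to data-only formats such as json for data from untrusted sources.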