non-pickle persistence for dicts?
Ian Kelly
ian.g.kelly at gmail.com
Wed May 16 19:07:59 EDT 2012
On Wed, May 16, 2012 at 4:53 PM, Charles Hixson
<charleshixsn at earthlink.net> wrote:
> On 05/16/2012 03:11 PM, Ian Kelly wrote:
>>
>> On Wed, May 16, 2012 at 3:52 PM, Charles Hixson
>> <charleshixsn at earthlink.net> wrote:
>>>
>>> I want to persist simple dicts, but due to the security problems with
>>> (un)pickle, I'd prefer to not use shelve, and the only way I could see to
>>> persist them onto sqlite also invoked pickle.
>>>
>>> As (un)pickle allows arbitrary system commands to be issued, I'd really
>>> rather just use a simple convert to and from either bytes or strings. repr
>>> works well for the conversion into string (I said they were simple), but I'd
>>> really rather be able to turn "{'a': 'A', 1: 23, 2: ['b', 2]}" back into a
>>> dict without allowing the execution of arbitrary commands.
>>>
>>> Any suggestions?
>>
>> Either json, or repr with ast.literal_eval will be safe.
>>
>> >>> import json
>> >>> d = {'a': 'A', 1: 23, 2: ['b', 2]}
>> >>> json.dumps(d)
>> '{"a": "A", "1": 23, "2": ["b", 2]}'
>> >>> json.loads(json.dumps(d))
>> {'a': 'A', '1': 23, '2': ['b', 2]}
>> >>> import ast
>> >>> ast.literal_eval(repr(d))
>> {'a': 'A', 1: 23, 2: ['b', 2]}
>>
>> Cheers,
>> Ian
>
> Thanks. It looks like either would do what I need. Any suggestion as to
> how to choose between them? E.g., is AST better supported? faster? (I'm
> tending towards AST purely because it seems more tied to Python, but of
> course that *could* be a disadvantage, if there were more external tools for
> working with json.)
You pretty much just summed it up. JSON is more portable because it's
a well-known standard with implementations in a lot of different
languages. On the downside, since it essentially involves translating
your data into *JavaScript* literals and back, it's not going to be
quite as faithful. Notice in the example that the numeric dictionary
keys got turned into strings. AST will do a cleaner job since you're
just converting Python objects into Python literals and back, but the
serialized data will only be easily readable using Python.
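
The trade-off discussed in this message, as an added example that is not part of the original post: both round trips on the thread's dict, the key collision the JSON route can cause, and a loader that rejects anything that is not a literal dict. `MAX_LEN` and the function names are assumptions made for the illustration.

```python
import ast
import json

SAMPLE = {'a': 'A', 1: 23, 2: ['b', 2]}  # the dict from the thread
MAX_LEN = 1_000_000  # assumed size cap; deeply nested input can exhaust the parser


def roundtrip_json(d):
    """json round trip: portable, but every dict key comes back as a str."""
    return json.loads(json.dumps(d))


def roundtrip_literal(d):
    """repr/ast.literal_eval round trip: Python-only, key types preserved."""
    return ast.literal_eval(repr(d))


def load_literal_dict(text):
    """Parse untrusted text as a Python literal and insist on a dict.

    literal_eval evaluates only literal syntax; names, calls and attribute
    access are rejected instead of being executed.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too large")
    try:
        value = ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError("not a Python literal") from exc
    if not isinstance(value, dict):
        raise ValueError("expected a dict, got " + type(value).__name__)
    return value


if __name__ == "__main__":
    print(roundtrip_json(SAMPLE))        # int keys 1 and 2 become '1' and '2'
    print(roundtrip_literal(SAMPLE))     # identical to SAMPLE
    # Keys 1 and '1' collide after the JSON round trip: one entry is lost.
    print(roundtrip_json({1: 'x', '1': 'y'}))
    for text in ("{'a': len('abc')}", "[1, 2]", "{'a': "):
        try:
            load_literal_dict(text)
        except ValueError as exc:
            print("rejected", repr(text), "-", exc)
```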