Raymond Hettinger <[EMAIL PROTECTED]> writes: > ''' This is not a general "persistence" module. For general > persistence and transfer of Python objects through RPC calls, see > the modules :mod:`pickle` and :mod:`shelve`.
That advice should be removed since Python currently does not have a general persistence or transfer module in its stdlib. There's been an open bug/RFE about it for something like 5 years. The issue is that any sensible general purpose RPC mechanism MUST make reasonable security assertions that nothing bad happens if you deserialize untrusted data. The pickle module doesn't make such guarantees and in fact its documentation explicitly warns against unpickling untrusted data. Therefore pickle should not be used as a general RPC mechanism. -- http://mail.python.org/mailman/listinfo/python-list
