Don’t Trust a Pickle
https://hackernoon.com/dont-trust-a-pickle-a77cb4c9e0e?source=rss----3a8144eabfe3---4
If you are using #python, especially for machine learning, you should be somewhat familiar with the standard library module named pickle. It is used for Python object serialization and comes in very handy in a wide range of applications. Some objects that you might want to serialize: a trained scikit-learn model, a Pandas DataFrame that you got after a lengthy join of several tables; basically any Python object that consists of heterogeneous data that you might want to quickly load in a new environment in the future (for homogeneous data, like neural network weights or a training data tensor, it’s better to use a more suitable format like HDF5).

In this article I would like to tell you why you should be very cautious when unpickling an object that you obtained from an untrusted (...)
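The standard mitigation for loading pickles of unknown origin is to allowlist the globals the unpickler may resolve, the pattern the Python pickle documentation describes under "Restricting Globals". The block below is an added example, not code from the article: the contents of `ALLOWED_GLOBALS` and the helper names `safe_loads` and `is_loadable` are constructed here, and the allowlist is deliberately tiny.

```python
import io
import json
import logging
import pickle
from collections import OrderedDict

# Allowlist of (module, name) pairs the unpickler may resolve. Constructed
# for this example; a real one names exactly the classes your data needs
# (say, the estimator classes of a scikit-learn model you trained yourself).
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    Every class a pickle instantiates and every callable it invokes must be
    looked up through find_class first, so refusing here stops an untrusted
    pickle before any object is built or any function is called.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        logging.warning("pickle refused: %s.%s not in allowlist", module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads when the data is not trusted."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_loadable(data: bytes) -> bool:
    """True if the pickle loads under the allowlist, False if it was refused."""
    try:
        safe_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


if __name__ == "__main__":
    # Constructed samples: plain data and an allowlisted class round-trip,
    # while a pickle that merely references json.dumps (harmless in itself,
    # but outside the allowlist) is refused before anything is called.
    print(safe_loads(pickle.dumps({"coef": [0.5, 1.5], "labels": {"a", "b"}})))
    print(safe_loads(pickle.dumps(OrderedDict(kind="model"))))
    print(is_loadable(pickle.dumps(json.dumps)))  # False
```

Plain containers of numbers and strings never touch `find_class`, so the allowlist only has to cover the classes your own objects reduce to; protocol 2 pickles spell `builtins` as `__builtin__`, so allowlist that alias too if you must accept them.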