Serialization is the process of converting an object into a byte stream (or string) to store or transmit it over a network, while deserialization is the reverse operation.
Historically, the main issue in Python was the standardization of the exchange of complex data structures between different applications and languages. For this, various modules were introduced in the standard library: initially, pickle for serializing any Python objects, and later json for universal exchange with external systems.
The problem: pickle stores Python-specific data, is unsafe (can execute arbitrary code upon loading) and is not compatible with other languages, while json is limited to simple types (dict, list, str, int, float, bool, and None) but is safer and widely used for exchange between different technologies.
The solution: use pickle only for trusted data between Python systems; apply json for interaction with external services, web development, and for passing human-readable data structures.
Example code:
    import pickle
    import json

    data = {'a': [1, 2, 3], 'b': True}

    # Serialization with pickle
    pickled = pickle.dumps(data)  # bytes
    unpickled = pickle.loads(pickled)
    print(unpickled)

    # Serialization with json
    jsoned = json.dumps(data)  # string
    unjsoned = json.loads(jsoned)
    print(unjsoned)
Key features:
Is it safe to use pickle to send HTTP API responses to external systems?
No! pickle is not a standard for data exchange between languages and is extremely unsafe: unpickling data can execute code chosen by whoever produced that data. json is a much better fit for external interaction.
Can functions, classes, or lambda functions be serialized in json?
No. json works only with primitive types; functions and classes are not serialized by standard json or most parsers.
Can pickle serialize objects with cyclic references?
Yes, pickle automatically handles most cyclic references, even recursive structures. For json, this is usually a fatal error.
Negative case: Sending pickle objects to client applications for data exchange.
Pros: simple implementation, retains all Python types.
Cons: critically dangerous, cannot interact with other languages.
Positive case: Sending data via json, converting non-standard types using encoders.
Pros: safety, compatibility, flexibility.
Cons: limitation on supported types, may require custom encoder/decoder.
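An added example (not from the original page) covering both cases above: a pickle.Unpickler subclass that refuses every global lookup, which is the step through which a pickle reaches importable callables, and a JSON encoder/decoder pair for non-standard types. The names NoGlobalsUnpickler, TaggedEncoder, tagged_hook, the "__type__" tag and the sample record are assumptions made for illustration.

```python
import datetime
import io
import json
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuse every class/function lookup, so loading can only build plain containers."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_pickle_loads(blob):
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


class TaggedEncoder(json.JSONEncoder):
    """Encode datetime and set as tagged dicts; any other unknown type raises TypeError."""

    def default(self, obj):
        if isinstance(obj, datetime.datetime):
            return {"__type__": "datetime", "value": obj.isoformat()}
        if isinstance(obj, (set, frozenset)):
            return {"__type__": "set", "value": sorted(obj)}
        return super().default(obj)


def tagged_hook(d):
    """Rebuild only the two allow-listed types; unknown tags stay plain dicts."""
    kind = d.get("__type__")
    if kind == "datetime":
        return datetime.datetime.fromisoformat(d["value"])
    if kind == "set":
        return set(d["value"])
    return d


def to_json(obj):
    return json.dumps(obj, cls=TaggedEncoder)


def from_json(text):
    return json.loads(text, object_hook=tagged_hook)


# Constructed sample record (hypothetical, not data from the page).
SAMPLE = {"user": "alice", "roles": {"admin", "dev"},
          "created": datetime.datetime(2024, 1, 2, 3, 4, 5)}
```

With these definitions, safe_pickle_loads accepts a pickle of plain dicts, lists and booleans but rejects a pickle of SAMPLE at the datetime.datetime lookup, while from_json(to_json(SAMPLE)) restores the set and the datetime without resolving any name taken from the input.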