I just setup my first instance of Celery and I am getting warnings to disable pickle as a serializer for security concerns. What is the consequence of turning it off? What is it that Celery needs the serialzer for?
If you depend on pickle then you should set a setting to disable this warning and to be sure that everything will continue working when you upgrade to Celery 3.2::
CELERY_ACCEPT_CONTENT = ['pickle', 'json', 'msgpack', 'yaml']
apply_async(args[, kwargs[, …]]) Sends a task message. delay(*args, **kwargs) Shortcut to send a task message, but doesn't support execution options. calling ( __call__ )
The server is now running on port 6379 (the default port). Leave it running on a separate terminal. We would need two other new terminal tabs to be able to run the web server and the Celery worker later.
From http://celery.readthedocs.org/en/latest/faq.html#is-celery-dependent-on-pickle:
The default serialization format is pickle simply because it is convenient (it supports sending complex Python objects as task arguments).
Whether you will use pickle or not you may want to turn off this warning by setting the CELERY_ACCEPT_CONTENT
configuration variable.
In case you don't use Python objects as arguments in your tasks you should consider using safe e.g. json serialization format.
Another limitation of pickle is no task results - see http://docs.celeryproject.org/en/latest/faq.html#isn-t-using-pickle-a-security-concern:
For the task messages you can set the CELERY_TASK_SERIALIZER setting to “json” or “yaml” instead of pickle. There is currently no alternative solution for task results (but writing a custom result backend using JSON is a simple task)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With