
Are HDF5 files safe to open or can they contain malicious scripts? The reason I am asking this is because, I want to know - if I open an h5 model using Keras from an unknown source can I trust it?

  • HDF5 files only contain data -- no scripts or code. Should be safe. – kcw78 Apr 08 '20 at 18:31
  • @kcw78 How is it different from pickle files? Pickle files also store data but can introduce malicious scripts while loading. – Nishant Aklecha Apr 08 '20 at 18:41
  • Completely different concept. You can store nearly everything that lives in computer memory in a pickle file. You could think of it as a general memory dump to disk, like a savegame. The HDF file is more like a container of something that you have to define, like a container for 100000 integer numbers and 5000 float numbers. – Joe Apr 08 '20 at 18:52
  • @Joe Thank you! Sorry, this might be a bit unrelated, but is there a way to load Sklearn models securely, as the only way to save trained Sklearn models is by using pickle files? LMK if this question requires another question thread. – Nishant Aklecha Apr 08 '20 at 19:00
  • Sorry, I don't get the question? Are you saying that it is only possible to save sklearn models as pickle files? – Joe Apr 08 '20 at 20:35
  • That might be the case: https://scikit-learn.org/stable/modules/model_persistence.html – Joe Apr 08 '20 at 20:36
  • https://machinelearningmastery.com/save-load-machine-learning-models-python-scikit-learn/ he uses pickle – Joe Apr 08 '20 at 20:37
  • https://stackoverflow.com/questions/56107259/how-to-save-a-trained-model-by-scikit-learn – Joe Apr 08 '20 at 20:38
  • @Joe my issue is that like Keras that saves models using HDF5, Sklearn has no safe way for untrusted individuals to provide models. (I raised this issue on SciKit Learn's Github) – Nishant Aklecha Apr 09 '20 at 07:28
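The pickle side of the thread (why a pickle stream is not "just data", and what a defensive loader looks like), as an added example that is not part of this question or any of the commenters' code. It uses the restricted-unpickler pattern from the Python standard-library `pickle` documentation; the allowlist, the two sample pickles and the helper names `safe_loads` and `classify` are constructed for this example.

```python
import io
import os
import pickle

# Constructed allowlist for this example: only plain data containers are
# permitted. A real allowlist for sklearn models would also have to name the
# exact numpy/sklearn constructors the model needs, each reviewed by hand,
# because every allowed callable is invoked with arguments from the file.
DEFAULT_ALLOWED = frozenset({
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on an explicit allowlist.

    pickle.loads() imports and calls whatever module.attribute the stream
    names; find_class is the hook that decides what may be imported.
    """

    def __init__(self, stream, allowed):
        super().__init__(stream)
        self._allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name} from untrusted pickle")


def safe_loads(data: bytes, allowed=DEFAULT_ALLOWED):
    """Deserialize data, allowing only literals and allowlisted globals."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def classify(data: bytes, allowed=DEFAULT_ALLOWED):
    """Return ('ok', obj) if the pickle loads under the allowlist, else ('rejected', reason)."""
    try:
        return "ok", safe_loads(data, allowed)
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed inputs: a data-only pickle, and one that merely references the
# os.system function by name (functions are pickled as module.attribute refs).
SAMPLE_DATA_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "bias": 3})
SAMPLE_GLOBAL_PICKLE = pickle.dumps(os.system)

if __name__ == "__main__":
    print(classify(SAMPLE_DATA_PICKLE))
    print(classify(SAMPLE_GLOBAL_PICKLE))
```

Plain `pickle.loads` on the second sample would happily import and return the named function; the restricted loader refuses it before any import happens. An HDF5 file read with h5py has no equivalent of this step, which is the difference the comments above describe.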
