[Python-Dev] Cookie.py security
A.M. Kuchling
akuchlin@mems-exchange.org
Wed, 30 Aug 2000 09:26:20 -0400
[CC'ed to python-dev and Tim O'Malley]
The Cookie module recently added to 2.0 provides 3 classes of Cookie:
SimpleCookie, which treats cookie values as simple strings,
SerialCookie, which treats cookie values as pickles and unpickles them,
and SmartCookie which figures out if the value is a pickle or not.
Unpickling untrusted data is unsafe. (Correct?) Therefore,
SerialCookie and SmartCookie really shouldn't be used, and Moshe's
docs for the module say so.
Question: should SerialCookie and SmartCookie be removed? If they're
not there, people won't accidentally use them because they didn't read
the docs and missed the warning.
Con: breaks backward compatibility with the existing cookie module and
forks the code.
(Are marshals safer than pickles? What if SerialCookie used marshal
instead?)
--amk