[Patches] [ python-Patches-655760 ] Add warnings to unsafe Cookie classes

noreply@sourceforge.net
Sat, 28 Dec 2002 16:34:06 -0800


Patches item #655760, was opened at 2002-12-18 09:37
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=655760&group_id=5470

Category: Library (Lib)
Group: Python 2.3
Status: Open
>Resolution: Accepted
Priority: 5
Submitted By: A.M. Kuchling (akuchling)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add warnings to unsafe Cookie classes

Initial Comment:
The attached patch adds a warning when the SerialCookie and SmartCookie classes are instantiated.  

2.2.2's docs warn against using the classes. If this patch is accepted, 2.3 will warn whenever the classes are used, and they can be removed in 2.4. (Is there a PEP which records things to remove so we don't forget? PEP 4 lists entire modules, but not classes or methods.)

Alternatively, we could say this is a serious security risk and just rip the classes out without deprecating them first; that would require a BDFL pronouncement, I think.




----------------------------------------------------------------------

>Comment By: Raymond Hettinger (rhettinger)
Date: 2002-12-28 19:34

Message:

I would use the term "insecure" rather than "unsafe", which
is overly broad and may imply instability rather than
insecurity.  Otherwise, the patch is fine.

----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2002-12-18 09:43

Message:

SF didn't accept my attached patch; trying again...

----------------------------------------------------------------------
