[Patches] [ python-Patches-655760 ] Add warnings to unsafe Cookie classes
noreply@sourceforge.net
Sun, 29 Dec 2002 10:20:46 -0800
Patches item #655760, was opened at 2002-12-18 09:37
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=655760&group_id=5470
Category: Library (Lib)
Group: Python 2.3
>Status: Closed
Resolution: Accepted
Priority: 5
Submitted By: A.M. Kuchling (akuchling)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add warnings to unsafe Cookie classes
Initial Comment:
The attached patch adds a warning when the SerialCookie and SmartCookie classes are instantiated.
2.2.2's docs warn against using the classes. If this patch is accepted, 2.3 will warn whenever the classes are used, and they can be removed in 2.4. (Is there a PEP which records things to remove so we don't forget? PEP 4 lists entire modules, but not classes or methods.)
Alternatively, we could say this is a serious security risk and just rip the classes out without deprecating them first; that would require a BDFL pronouncement, I think.
----------------------------------------------------------------------
>Comment By: A.M. Kuchling (akuchling)
Date: 2002-12-29 13:20
Message:
Logged In: YES
user_id=11375
Checked in.
----------------------------------------------------------------------
Comment By: Raymond Hettinger (rhettinger)
Date: 2002-12-28 19:34
Message:
Logged In: YES
user_id=80475
I would use the term "insecure" rather than "unsafe" which
is overly broad and may imply instability rather than
insecurity. Otherwise, the patch is fine.
----------------------------------------------------------------------
Comment By: A.M. Kuchling (akuchling)
Date: 2002-12-18 09:43
Message:
Logged In: YES
user_id=11375
SF didn't accept my attached patch; trying again...
----------------------------------------------------------------------
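Added example, not part of the original tracker item and not the patch itself: the approach described in the initial comment (warn whenever a class slated for removal is instantiated), plus helpers a code base can use to find or block remaining uses before the class disappears. `BaseJar`, `InsecureJar`, `audit` and `is_blocked` are hypothetical names chosen for illustration.

```python
import warnings


class BaseJar(dict):
    """Stand-in for a cookie container base class (hypothetical name)."""

    def __init__(self, data=None):
        super().__init__(data or {})


class InsecureJar(BaseJar):
    """Stand-in for a class scheduled for removal (hypothetical name)."""

    def __init__(self, data=None):
        # Warn at instantiation. stacklevel=2 attributes the warning to the
        # caller's line, which is the code that has to change.
        warnings.warn(
            "InsecureJar class is insecure; do not use it",
            DeprecationWarning,
            stacklevel=2,
        )
        super().__init__(data)


def audit(factory):
    """Call factory() and return the DeprecationWarnings it triggered."""
    with warnings.catch_warnings(record=True) as caught:
        # "always" defeats the default once-per-location suppression.
        warnings.simplefilter("always")
        factory()
    return [w for w in caught if issubclass(w.category, DeprecationWarning)]


def is_blocked(factory):
    """True if factory() fails once DeprecationWarning is an error."""
    with warnings.catch_warnings():
        # Same effect as running with: python -W error::DeprecationWarning
        warnings.simplefilter("error", DeprecationWarning)
        try:
            factory()
        except DeprecationWarning:
            return True
    return False
```

Running a test suite with `DeprecationWarning` escalated to an error turns every remaining instantiation into a failing test during the deprecation window.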