[Python-Dev] Cookie.py security

timo@timo-tasi.org
Wed, 30 Aug 2000 15:09:13 -0400


hola.

On Wed, Aug 30, 2000 at 10:09:16AM -0400, Fred L. Drake, Jr. wrote:
> 
> A.M. Kuchling writes:
>  > (Are marshals safer than pickles?  What if SerialCookie used marshal
>  > instead?)
> 
>   A bit safer, I think, but this maintains the backward compatibility
> issue.

Is this true?
  Marshal is backwards compatible with Pickle?

If it is true, that'd be kinda cool.

>   If it is useful to change the API, this is the best time to do it,
> but we'd probably want to rename the module as well.  Shared
> maintenance is also an issue -- Tim's opinion is very valuable here!

I agree -- if this is the right change, then now is the right time.

If a significant change is warranted, then the name change is probably
the right way to signal this change.  I'd vote for 'httpcookie.py'.

I've been thinking about the shared maintenance issue, too.  The right
thing is for the Cookie.py (or renamed version thereof) to be the 
official version.  I would probably keep the latest version up on
my web site but mark it as 'deprecated' once Python 2.0 gets released.

thoughts..?

e