Securing 'pickle'

Nagy László Zsolt nagylzs at freemail.hu
Fri Jul 11 19:39:37 CEST 2003


>>My suggestion is to
>>authenticate the cookies with a cryptographic checksum and verify the
>>authentication before deserializing the cookies.  That's probably the
>>simplest approach.  Keeping session info on a multi-process server (or
>>worse, a multi-server network) needs some kind of concurrent storage
>>mechanism.  
>Paul,
>
>Do you mean transmit the checksum to the client with the cookie? And
>check that they match when the cookie and checksum come back?
>
>Or is the checksum stored on the server, in some form of lookup
>dictionary keyed by some user session identifier?
>
I think he wanted to write a digital signature instead. Right?

Laci 1.0
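Added example, not part of the thread above and not code from any of its participants: one way to implement the quoted suggestion, where the "cryptographic checksum" is an HMAC-SHA256 tag computed with a key that never leaves the server. The tag travels with the cookie, so no server-side lookup table is needed, and the server recomputes it and compares in constant time before the bytes ever reach pickle.loads. A symmetric keyed MAC is used rather than a public-key digital signature because the same server both creates and verifies the cookie. SERVER_KEY, the helper names and the in-process marker that stands in for a real command are assumptions of this example; the malicious pickle is constructed here to show that an unverified pickle.loads executes attacker-chosen code.

```python
import base64
import builtins
import hashlib
import hmac
import pickle
import secrets

# Assumption: a random key generated once and kept only on the server.
# In a real deployment load it from configuration or a secret store; it must
# never be derivable from anything the client can see.
SERVER_KEY = secrets.token_bytes(32)
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def sign_cookie(session, key=SERVER_KEY):
    """Pickle a session dict and prepend an HMAC-SHA256 tag over the pickle bytes."""
    payload = pickle.dumps(session, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload)


def load_cookie(cookie, key=SERVER_KEY):
    """Verify the tag first; only a payload that authenticates reaches pickle.loads."""
    try:
        raw = base64.urlsafe_b64decode(cookie)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("cookie is not valid base64") from exc
    if len(raw) < TAG_LEN:
        raise ValueError("cookie too short to carry a tag")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak tag bytes via timing.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie authentication failed")
    return pickle.loads(payload)


# --- constructed attack payload -------------------------------------------
# Unpickling calls the callable returned by __reduce__. Here it is exec() with
# a harmless statement that sets a marker; an attacker would use os.system.
MARKER = "PICKLE_RCE_MARKER"


class _Payload:
    def __reduce__(self):
        return (builtins.exec, ("import builtins; builtins.%s = True" % MARKER,))


MALICIOUS_PICKLE = pickle.dumps(_Payload())  # references builtins.exec, not _Payload


def _payload_ran():
    return getattr(builtins, MARKER, False)


def _reset_marker():
    builtins.__dict__.pop(MARKER, None)


def _rejected(cookie):
    try:
        load_cookie(cookie)
    except ValueError:
        return True
    return False


def demo():
    """Exercise the verified path against a legitimate, a tampered and a forged cookie."""
    results = {}
    session = {"uid": 42, "role": "user"}
    cookie = sign_cookie(session)
    results["legit"] = load_cookie(cookie)

    # Client edits the pickle bytes (role escalation) but cannot fix the tag.
    raw = base64.urlsafe_b64decode(cookie)
    tampered = base64.urlsafe_b64encode(
        raw[:TAG_LEN] + raw[TAG_LEN:].replace(b"user", b"admin"))
    results["tampered_rejected"] = _rejected(tampered)

    # Client signs a malicious pickle with a guessed key.
    _reset_marker()
    bad_tag = hmac.new(b"guessed-key", MALICIOUS_PICKLE, hashlib.sha256).digest()
    forged = base64.urlsafe_b64encode(bad_tag + MALICIOUS_PICKLE)
    results["forged_rejected"] = _rejected(forged)
    results["payload_ran_through_verified_path"] = _payload_ran()

    # What skipping the check costs: the payload executes inside pickle.loads.
    _reset_marker()
    pickle.loads(MALICIOUS_PICKLE)
    results["payload_ran_unverified"] = _payload_ran()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-34s %r" % (name, value))
```

The HMAC only authenticates the cookie; it does not hide its contents, so anything pickled into the session is readable by the client, and anyone holding SERVER_KEY can mint arbitrary sessions. Rotating the key invalidates every outstanding cookie at once.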


