Securing 'pickle'
Nagy László Zsolt
nagylzs at freemail.hu
Fri Jul 11 13:39:37 EDT 2003
>>My suggestion is to
>>authenticate the cookies with a cryptographic checksum and verify the
>>authentication before deserializing the cookies. That's probably the
>>simplest approach. Keeping session info on a multi-process server (or
>>worse, a multi-server network) needs some kind of concurrent storage
>>mechanism.
>>
>>
>
>Paul,
>
>Do you mean transmit the checksum to the client with the cookie? And
>check that they match when the cookie and checksum come back?
>
>Or is the checksum stored on the server, in some form of lookup
>dictionary keyed by some user session identifier?
>
I think he wanted to write a digital signature instead. Right?
Laci 1.0
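
The approach discussed in this thread, as an added example that is not part of the original message: the checksum travels to the client inside the cookie, the server stores only a secret key, and the cookie is unpickled only after the checksum verifies. It uses HMAC-SHA256 (a symmetric keyed checksum, not a public-key signature); `SECRET_KEY`, `encode_cookie` and `decode_cookie` are names assumed for illustration.

```python
import base64
import hashlib
import hmac
import pickle
import secrets

# Assumption: a server-side secret that is never sent to the client.
# Generated here for the demo; a real deployment loads it from protected
# configuration shared by all server processes.
SECRET_KEY = secrets.token_bytes(32)
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def encode_cookie(session, key=SECRET_KEY):
    """Pickle the session, prepend HMAC-SHA256(key, pickle), base64-encode."""
    body = pickle.dumps(session, protocol=pickle.HIGHEST_PROTOCOL)
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac + body).decode("ascii")


def decode_cookie(cookie, key=SECRET_KEY):
    """Verify the MAC first; unpickle only if it matches."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        raise ValueError("malformed cookie")
    if len(raw) <= MAC_LEN:
        raise ValueError("malformed cookie")
    mac, body = raw[:MAC_LEN], raw[MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not leak how much matched.
    if not hmac.compare_digest(mac, expected):
        raise ValueError("cookie authentication failed")
    # Reached only for bytes this server produced with its own key.
    return pickle.loads(body)


if __name__ == "__main__":
    cookie = encode_cookie({"user": "laci", "cart": [1, 2]})  # constructed sample
    print(decode_cookie(cookie))
```

The MAC protects integrity only: the client can still read the pickled contents, and an old cookie stays valid until the key changes, so an expiry timestamp inside the authenticated body is a common addition.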