ianb at colorstudy.com
Fri Jul 11 20:39:37 CEST 2003
On Fri, 2003-07-11 at 10:00, John J. Lee wrote:
> Ian Bicking <ianb at colorstudy.com> writes:
> > Security isn't a big deal -- or rather, securing cookies isn't a big
> > deal.
> I don't understand. The problem is that pickles can be constructed
> that can damage systems when unpickled, is that right? If that's
> true, then surely unpickling cookie data is unsafe, because stuff
> coming in from the network has to be regarded as malevolent. Are you
> saying that web server environments are sufficiently-well bolted down
> that no pickle attack will work? But belt-and-braces is the best
> policy, isn't it?
I should have said "securing cookies isn't hard", so that's not the
reason not to use them (though you shouldn't just use plain-vanilla