Securing 'pickle'

Dave Cole djc at
Fri Jul 11 07:01:56 CEST 2003

> On Thu, 2003-07-10 at 20:20, David McNab wrote:
> > I'm writing a web app framework which stores pickles in client cookies.
> > 
> > The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
> > tampering with the cookie and malforming it in an attempt to get the
> > server-side python code to run arbitrary code, or something similarly
> > undesirable.
> >
> > To protect against this, I've subclassed pickle.Unpickler, and added
> > overrides of the methods load_global, load_inst, load_obj and find_class.
> A much easier way to secure your pickle is to sign it, like:
> cookie = dumps(object)
> secret = 'really secret!'
> hasher =
> hasher.update(secret)
> hasher.update(cookie)
> cookie_signature = md5.digest()
> You may then wish to base64 encode both (.encode('base64')), pop
> them into one value, and you're off.  Though I suppose at that point
> you may be hitting the maximum value of a cookie.  Hidden fields
> will work nicely, though.
> Decoding and verifying is an exercise left to the reader.

That is exactly what Albatross does with pickles sent to the browser.
In case it is interesting to anyone, here is the class that does the
work of signing and checking the sign.

- Dave

class PickleSignMixin:

    def __init__(self, secret):
        self.__secret = secret
    def pickle_sign(self, text):
        m =
        text = m.digest() + text
        return text
    def pickle_unsign(self, text):
        digest = text[:16]
        text = text[16:]
        m =
        if m.digest() == digest:
            return text
        return ''


More information about the Python-list mailing list