djc at object-craft.com.au
Fri Jul 11 07:01:56 CEST 2003
> On Thu, 2003-07-10 at 20:20, David McNab wrote:
> > I'm writing a web app framework which stores pickles in client cookies.
> > The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
> > tampering with the cookie and malforming it in an attempt to get the
> > server-side python code to run arbitrary code, or something similarly
> > undesirable.
> > To protect against this, I've subclassed pickle.Unpickler, and added
> > overrides of the methods load_global, load_inst, load_obj and find_class.
> A much easier way to secure your pickle is to sign it, like:
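>     import md5
>     from pickle import dumps
>     cookie = dumps(object)
>     secret = 'really secret!'
>     hasher = md5.new()
>     hasher.update(secret)    # assumed: the archived post lacks the update() calls
>     hasher.update(cookie)    # hash the secret, then the pickle
>     cookie_signature = hasher.digest()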
> You may then wish to base64 encode both (.encode('base64')), pop
> them into one value, and you're off. Though I suppose at that point
> you may be hitting the maximum value of a cookie. Hidden fields
> will work nicely, though.
> Decoding and verifying is an exercise left to the reader.
That is exactly what Albatross does with pickles sent to the browser.
In case it is interesting to anyone, here is the class that does the
work of signing and checking the sign.
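    import md5
    class PickleSigner:    # placeholder name; the class line is not in the archived post
        def __init__(self, secret):
            self.__secret = secret

        def pickle_sign(self, text):
            m = md5.new()
            m.update(self.__secret)    # assumed: update() and return lines are missing from the archive
            m.update(text)
            text = m.digest() + text   # 16-byte MD5 digest, then the pickle
            return text

        def pickle_unsign(self, text):
            digest = text[:16]
            text = text[16:]
            m = md5.new()
            m.update(self.__secret)
            m.update(text)
            if m.digest() == digest:   # falls through (returns None) on a mismatch
                return text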