Securing 'pickle'

Paul Rubin http
Fri Jul 11 17:54:55 CEST 2003


jjl at pobox.com (John J. Lee) writes:
> > Security isn't a big deal -- or rather, securing cookies isn't a big
> > deal.
> 
> I don't understand.  The problem is that pickles can be constructed
> that can damage systems when unpickled, is that right?  If that's
> true, then surely unpickling cookie data is unsafe, because stuff
> coming in from the network has to be regarded as malevolent.  Are you
> saying that web server environments are sufficiently-well bolted down
> that no pickle attack will work?  But belt-and-braces is the best
> policy, isn't it?

The point is that you can use cryptographic signatures to make sure
any cookie you receive is one that the server actually sent, before
deciding to unpickle it.  That means if the attacker constructs a
malicious cookie, you never unpickle it.




More information about the Python-list mailing list