Securing 'pickle'
Ben Finney
bignose-hates-spam at and-zip-does-too.com.au
Thu Jul 10 21:06:05 EDT 2003
On Fri, 11 Jul 2003 13:20:48 +1200, David McNab wrote:
> I'm writing a web app framework which stores pickles in client
> cookies.

Sounds like a waste of bandwidth, in addition to the security concerns
you raise.

Why not store the pickles on the server, and set a session cookie to
refer to them? That way, you only send a short session ID instead of
the whole pickle, and messing with the cookie doesn't alter the pickles.

(Mmm, all this talk of food...)

--
\ "I don't know anything about music. In my line you don't have |
`\ to." -- Elvis Aaron Presley (1935-1977) |
_o__) |
http://bignose.squidly.org/ 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B
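
The server-side arrangement suggested in the reply above, as an added example that is not part of the original message or of either poster's code. The class name ServerSideSessions, the SESSION_TTL value and the in-memory dict used as the store are assumptions made for illustration.

```python
import pickle
import re
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed value for this example
_ID_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # shape of secrets.token_urlsafe(32)


class ServerSideSessions:
    """Pickled state stays on the server; the cookie carries only a random ID."""

    def __init__(self):
        # session ID -> (expiry time, pickled bytes); a dict stands in for a
        # real store such as a database table or files on disk.
        self._store = {}

    def create(self, state, now=None):
        """Store `state` and return the value to send as the session cookie."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        self._store[sid] = (now + SESSION_TTL, pickle.dumps(state))
        return sid

    def load(self, cookie_value, now=None):
        """Return the stored state, or None for unknown/expired/malformed IDs."""
        now = time.time() if now is None else now
        # The cookie is only ever a lookup key; it is never unpickled.
        if not isinstance(cookie_value, str) or not _ID_RE.fullmatch(cookie_value):
            return None
        entry = self._store.get(cookie_value)
        if entry is None:
            return None
        expiry, blob = entry
        if now >= expiry:
            del self._store[cookie_value]
            return None
        return pickle.loads(blob)  # bytes this server wrote itself


if __name__ == "__main__":
    sessions = ServerSideSessions()
    cookie = sessions.create({"user": "david", "cart": [1, 2]})  # constructed data
    print("Set-Cookie: session=" + cookie)
    print(sessions.load(cookie))           # the stored dict
    print(sessions.load(cookie[:-1] + "!"))  # altered cookie -> None
```

Because pickle.loads() only ever sees bytes the server stored, whatever a client puts in the cookie can at worst fail the lookup.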