Securing 'pickle'

Erik Max Francis max at alcyone.com
Thu Jul 10 21:52:53 EDT 2003


Paul Rubin wrote:

> Because now you need a mechanism to store the session info on the
> server, and you might want it to work across multiple load-balanced
> servers that fail over to one another, etc.

That's far superior to presenting the opportunity for exploits in the
first place, in my opinion.  Depending on the contents of that cookie,
what you suggest may not be a problem at all (depending on how critical
the data contained therein is).

-- 
   Erik Max Francis && max at alcyone.com && http://www.alcyone.com/max/
 __ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
/  \ I would rather understand one cause than be king of Persia.
\__/  Democritus



