[Web-SIG] Python pickle and web security.

Python python at venix.com
Fri Sep 15 15:40:31 CEST 2006

On Fri, 2006-09-15 at 18:29 +1000, René Dudfield wrote:
> Hello,
> I posted this on my blog the other day about people using pickle for
> sessions, but got no response.  Do you guys think using pickles for
> sessions is an ok thing to do?

Either encrypt the pickle or have a seeded (md5) signature so that you
can verify that the pickle has not been tampered.  I use pickles
routinely, but with an md5 signature that combines a seed and the

Someone cannot generate a valid signature without also knowing the seed.
I am paranoid enough so that I only pickle dictionaries and then only
extract and verify my list of expected keys after unpickling.  I can't
prove that's secure, but I am not losing sleep over it.  

Presumably someone who knew the seed could generate a valid signature
*and* inject code into the pickle that got executed by the unpickle

> ...........
> Some python web frame works are using pickle to store session data.
> Pickle is a well known poor choice for secure systems. However it
> seems to be more widely known by those writing network applications,
> than those making web frameworks.
> Is your web framework using pickle for sessions despite the warnings
> in the python documentation about it being insecure?
> By using sessions with pickle people who can write to the database
> servers session table can execute code on the app server. Or people
> who can get data into the session file/memcache data store can execute
> data.
> This might be an issue if the database server is run by separate
> people than the app server. Or if the session table is compromised by
> an sql injection attack elsewhere.
> There are some more secure ways of storing pickled data.
> Pickle is deemed to be untrustworthy for data. In that it is not
> certain that code can not be snuck into the data that will be executed
> by pickle. So if some data from user input is put into the pickle,
> then it is possible that code could be run.
> There are some people who know more about how to exploit pickle,
> however the warning in the python documentation is this:
> ""Warning:
> The pickle module is not intended to be secure against erroneous or
> maliciously constructed data. Never unpickle data received from an
> untrusted or unauthenticated source."""
> Cerealizer might be an alternative option...
> http://home.gna.org/oomadness/en/cerealizer/index.html
> Or maybe these other two.
> http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/415503
> http://barnesc.blogspot.com/2006/01/rencode-reduced-length-encodings.html
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/python%40venix.com
Lloyd Kvam
Venix Corp

More information about the Web-SIG mailing list