[Web-SIG] Python pickle and web security.
python at venix.com
Mon Sep 18 20:16:02 CEST 2006
On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
> Why do you assume the session store is untrusted? If someone can hack
> into my database, they can typically hack into my web application so
> its pretty weird to consider the backend session store to be
You are assuming that the pickle is stored in a secure database. If the
pickle is in a cookie or some other client side storage, then it is
definitely not to be trusted.
More information about the Web-SIG