[Web-SIG] Python pickle and web security.

Python python at venix.com
Mon Sep 18 20:16:02 CEST 2006

On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
> Why do you assume the session store is untrusted? If someone can hack 
> into my database, they can typically hack into my web application so 
> its pretty weird to consider the backend session store to be 
> "untrusted".

You are assuming that the pickle is stored in a secure database.  If the
pickle is in a cookie or some other client side storage, then it is
definitely not to be trusted.

Lloyd Kvam
Venix Corp

More information about the Web-SIG mailing list