[Python-Dev] Cookie.py security
A.M. Kuchling akuchlin@mems-exchange.org
Wed, 30 Aug 2000 09:26:20 -0400
- Previous message: [Python-Dev] stack check on Unix: any suggestions?
- Next message: [Python-Dev] Cookie.py security
[CC'ed to python-dev and Tim O'Malley]
The Cookie module recently added to 2.0 provides 3 classes of Cookie: SimpleCookie, which treats cookie values as simple strings, SerialCookie, which treats cookie values as pickles and unpickles them, and SmartCookie which figures out if the value is a pickle or not.
Unpickling untrusted data is unsafe. (Correct?) Therefore, SerialCookie and SmartCookie really shouldn't be used, and Moshe's docs for the module say so.
Question: should SerialCookie and SmartCookie be removed? If they're not there, people won't accidentally use them because they didn't read the docs and missed the warning.
Con: breaks backward compatibility with the existing cookie module and forks the code.
(Are marshals safer than pickles? What if SerialCookie used marshal instead?)
--amk
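A defensive alternative to SerialCookie's pickled values, added here as an example that is not part of the original message or of the Cookie module: the value is JSON (loading it never executes code) with an HMAC tag appended, and the server checks the tag before decoding. The key, the cookie name and the helper names are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
from http.cookies import SimpleCookie

# Assumption: a per-application secret; constructed for this demo only.
SECRET = b"constructed-demo-key"


def sign_value(obj, key=SECRET):
    """Encode obj as JSON, base64 it with cookie-safe characters, append an HMAC-SHA256 tag."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    payload = base64.urlsafe_b64encode(raw).decode().rstrip("=")
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def verify_value(value, key=SECRET):
    """Return the decoded object, or None if the tag is missing or does not match."""
    payload, sep, tag = value.rpartition(".")
    if not sep:
        return None  # no tag at all: treat as untrusted input
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered or forged: never decode
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def load_session(cookie_header, name="session", key=SECRET):
    """Parse a Cookie header with SimpleCookie and verify the named value."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if name not in jar:
        return None
    return verify_value(jar[name].value, key)


if __name__ == "__main__":
    header = "session=" + sign_value({"user": "alice", "admin": False})
    print(load_session(header))
```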