[Python-Dev] Re: Cookie.py security (original) (raw)

timo@timo-tasi.org timo@timo-tasi.org
Wed, 30 Aug 2000 14:51:52 -0400

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hola.

On Wed, Aug 30, 2000 at 09:26:20AM -0400, A.M. Kuchling wrote:

Question: should SerialCookie and SmartCookie be removed? If they're not there, people won't accidentally use them because they didn't read the docs and missed the warning.

Con: breaks backward compatibility with the existing cookie module and forks the code.

I had a thought about this - kind of a intermediate solution.

Right now, the shortcut 'Cookie.Cookie()' returns an instance of the SmartCookie, which uses Pickle. Most extant examples of using the Cookie module use this shortcut.

We could change 'Cookie.Cookie()' to return an instance of SimpleCookie, which does not use Pickle. Unfortunately, this may break existing code (like Mailman), but there is a lot of code out there that it won't break.

Also, people could still use the SmartCookie and SerialCookie classes, but not they would be more likely to read them in the documentation because they are "outside the beaten path".

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]