[Python-Dev] Cookie.py security
Thomas Wouters thomas@xs4all.net
Wed, 30 Aug 2000 21:22:22 +0200
On Wed, Aug 30, 2000 at 03:09:13PM -0400, timo@timo-tasi.org wrote:
> hola.
> On Wed, Aug 30, 2000 at 10:09:16AM -0400, Fred L. Drake, Jr. wrote:
> > A.M. Kuchling writes:
> > > (Are marshals safer than pickles? What if SerialCookie used marshal
> > > instead?)
> >
> > A bit safer, I think, but this maintains the backward compatibility
> > issue.
>
> Is this true?
> Marshal is backwards compatible to Pickle?

No, what Fred meant is that it maintains the backward compatibility issue, not compatibility itself. It's still a problem for people who want to read cookies made by the 'old' version, or otherwise want to read in 'old' cookies.
I think it would be possible to provide a 'safe' unpickle, that only unpickles primitives, for example, but that might still maintain the backwards compatibility issue, even if it's less of an issue then. And it's a bloody lot of work, too :-)
--
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
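
The 'safe' unpickle idea from the message above, sketched as an added example that is not part of the original post or of Cookie.py. It uses `pickle.Unpickler.find_class` from the current Python 3 standard library; the names `PrimitiveUnpickler`, `safe_loads` and `MAX_COOKIE_BYTES` and the 4096-byte limit are assumptions made for illustration.

```python
import io
import pickle
from collections import OrderedDict

# Assumed size limit for a cookie value; refusing globals does not by
# itself bound how much memory a pickle can ask for.
MAX_COOKIE_BYTES = 4096


class PrimitiveUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Numbers, strings, None, booleans, lists, tuples and dicts are built by
    dedicated opcodes and never reach find_class(), so they still load.
    Anything that needs a class or callable is rejected before it is used.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed in a cookie" % (module, name))


def safe_loads(data):
    """Return the primitive value stored in `data`, or raise UnpicklingError."""
    if len(data) > MAX_COOKIE_BYTES:
        raise pickle.UnpicklingError("cookie value too large")
    return PrimitiveUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    # Constructed sample inputs: one primitive-only value and two values
    # whose pickles reference a global (a class and a builtin function).
    samples = [
        {"user": "timo", "visits": 3, "tags": ["a", "b"]},
        OrderedDict(a=1),
        print,
    ]
    for obj in samples:
        blob = pickle.dumps(obj)
        try:
            print("accepted:", safe_loads(blob))
        except pickle.UnpicklingError as exc:
            print("rejected:", exc)
```

Cookies written by an older version that pickled class instances are rejected by this loader, which is the backward compatibility issue the message refers to.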