Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://mail.python.org/pipermail/python-dev/2000-August/008997.html below:

[Python-Dev] Cookie.py security

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:
> I would guess that pickle makes attacks easier: It has more features,
> e.g. creating instances of arbitrary classes (provided that the attacker
> knows what classes are available).

marshal can handle code objects.  That seems pretty scary to me.  I
would vote for not including these unsecure classes in the standard
distribution.  Software that expects them should include their own
version of Cookie.py or be fixed.

  Neil

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4