>>>>> "NS" == Neil Schemenauer <nascheme@enme.ucalgary.ca> writes:

    NS> On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:
    >> I would guess that pickle makes attacks easier: It has more
    >> features, e.g. creating instances of arbitrary classes (provided
    >> that the attacker knows what classes are available).

    NS> marshal can handle code objects.  That seems pretty scary to me.
    NS> I would vote for not including these unsecure classes in the
    NS> standard distribution.  Software that expects them should
    NS> include their own version of Cookie.py or be fixed.

If a server is going to use cookies that contain marshal or pickle
data, they ought to be encrypted or protected by a secure hash.

Jeremy
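
An added example, not part of the original message or of Cookie.py: one way to protect a pickled cookie with a keyed hash, so that the server unpickles only bytes it signed itself. The choice of HMAC-SHA256, the key, the cookie layout (tag followed by payload) and the names `dump_cookie`, `load_cookie` and `BadCookie` are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import pickle

# Constructed key for this example; a real server loads a random secret
# from protected configuration and never sends it to the client.
SECRET_KEY = b"example-only-server-secret"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


class BadCookie(ValueError):
    """Raised when a cookie is malformed or fails authentication."""


def sign(payload: bytes) -> bytes:
    """Keyed hash over the payload; without the key a valid tag cannot be forged."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def dump_cookie(obj) -> str:
    """Pickle obj and prepend an HMAC-SHA256 tag over the pickled bytes."""
    payload = pickle.dumps(obj, protocol=2)
    return base64.urlsafe_b64encode(sign(payload) + payload).decode("ascii")


def load_cookie(value: str):
    """Authenticate the cookie first; unpickle only after the tag verifies."""
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except ValueError as exc:  # covers binascii.Error and UnicodeEncodeError
        raise BadCookie("not valid base64") from exc
    if len(raw) <= TAG_LEN:
        raise BadCookie("too short to carry a tag")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    # Constant-time comparison; pickle.loads is never reached on a mismatch.
    if not hmac.compare_digest(tag, sign(payload)):
        raise BadCookie("signature mismatch")
    return pickle.loads(payload)
```

The tag gives integrity only: the client can still read the pickled data, so anything confidential needs encryption as well.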