[Patches] [ python-Patches-655760 ] Add warnings to unsafe Cookie classes

noreply@sourceforge.net noreply@sourceforge.net
Sun, 29 Dec 2002 10:20:46 -0800


Patches item #655760, was opened at 2002-12-18 09:37
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=655760&group_id=5470

Category: Library (Lib)
Group: Python 2.3
>Status: Closed
Resolution: Accepted
Priority: 5
Submitted By: A.M. Kuchling (akuchling)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add warnings to unsafe Cookie classes

Initial Comment:
The attached patch adds a warning when the SerialCookie and SmartCookie classes are instantiated.  

2.2.2's docs warn against using the classes.  If this patch is accepted, 2.3 will warn whenever the classes are used, and they can be removed in 2.4.  (Is there a PEP which records things to remove so we don't forget?  PEP 4 lists entire modules, but not classes or methods.)

Alternatively, we could say this is a serious security risk and just rip the classes out without deprecating them first; that would require a BDFL pronouncement, I think.
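
The behaviour the initial comment describes, a warning at instantiation, sketched for current Python as an added example (not the patch attached to this tracker item). `SerialCookie` here is a constructed stand-in that models only the warning, with assumed message text; `audit`, `blocked_when_strict` and the two handlers are hypothetical helpers showing how a code owner can locate uses before the classes are removed.

```python
import warnings
from http.cookies import SimpleCookie


class SerialCookie(SimpleCookie):
    """Constructed stand-in: only the warn-on-instantiation behaviour is modelled."""

    def __init__(self, input=None):
        # stacklevel=2 attributes the warning to the caller's line, which is
        # what an audit needs in order to locate each use.
        warnings.warn(
            "SerialCookie class is insecure; do not use it",  # assumed wording
            DeprecationWarning,
            stacklevel=2,
        )
        super().__init__(input)


def audit(func):
    """Run func and return (filename, lineno, message) for each deprecation hit."""
    with warnings.catch_warnings(record=True) as caught:
        # DeprecationWarning is hidden by the default filters in many
        # contexts, so enable it explicitly for the duration of the audit.
        warnings.simplefilter("always", DeprecationWarning)
        func()
    return [(w.filename, w.lineno, str(w.message))
            for w in caught if issubclass(w.category, DeprecationWarning)]


def blocked_when_strict(func):
    """Return True if func is stopped once the warning is escalated to an error."""
    with warnings.catch_warnings():
        warnings.simplefilter("error", DeprecationWarning)
        try:
            func()
        except DeprecationWarning:
            return True
    return False


def legacy_handler():
    # Constructed sample input: an ordinary cookie header value.
    return SerialCookie("session=abc123")


def modern_handler():
    return SimpleCookie("session=abc123")
```

Running a test suite with the "error" filter, as `blocked_when_strict` does, turns every remaining use of the deprecated class into a failing test instead of a message that is easy to miss.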




----------------------------------------------------------------------

>Comment By: A.M. Kuchling (akuchling)
Date: 2002-12-29 13:20

Message:

Checked in.

----------------------------------------------------------------------

Comment By: Raymond Hettinger (rhettinger)
Date: 2002-12-28 19:34

Message:

I would use the term "insecure" rather than "unsafe", which 
is overly broad and may imply instability rather than 
insecurity.  Otherwise, the patch is fine.

----------------------------------------------------------------------

Comment By: A.M. Kuchling (akuchling)
Date: 2002-12-18 09:43

Message:

SF didn't accept my attached patch; trying again...

----------------------------------------------------------------------
