Cookie encoding

Paul Rubin phr-n2002a at nightsong.com
Tue Apr 30 04:07:12 EDT 2002


Terry Hancock <hancock at anansispaceworks.com> writes:
> So I need to encode the result into something safer. I've
> tried the uu.encode, base64.encode, etc. but I'm just
> taking shots in the dark (and these didn't work) -- I
> figure there has to be a standard answer to this
> problem.  

Try binascii.hexlify.  The result should be safe for just
about anything.

> There is a "Cookie" module, which looks
> interesting, but it seems to want to make the whole
> HTTP set-cookie line, not just the legal value.

WARNING!  DANGER WILL ROBINSON!  The default ("smart") cookie class
defined by that module uses pickle to encode arbitrary Python objects
into cookies.  This creates a security hole at the server side since
attackers can create cookies that instantiate class instances with
malicious data passed to the class initializers.  Don't use smart cookies.
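
An added example (not part of the original post or of the Cookie module) that combines both pieces of advice in this reply: the value is made cookie-safe with binascii.hexlify, and the server decodes it with json instead of pickle. It goes beyond the post by appending an HMAC tag so that values modified by the client are rejected; SECRET_KEY, MAX_COOKIE_BYTES and the function names are assumptions.

```python
import binascii
import hashlib
import hmac
import json

# Assumption: a server-side secret; this value is constructed for the demo.
SECRET_KEY = b"constructed-demo-key"
MAX_COOKIE_BYTES = 4096  # assumption: largest value accepted from a client


def _tag(payload_hex: bytes) -> bytes:
    """HMAC-SHA256 over the hex payload, returned as hex digits."""
    digest = hmac.new(SECRET_KEY, payload_hex, hashlib.sha256).hexdigest()
    return digest.encode("ascii")


def encode_cookie_value(data) -> str:
    """JSON-serialize plain data, hexlify it, and append an integrity tag."""
    payload_hex = binascii.hexlify(json.dumps(data).encode("utf-8"))
    return (payload_hex + b"." + _tag(payload_hex)).decode("ascii")


def decode_cookie_value(value: str):
    """Return the data from an untrusted cookie value, or None if rejected."""
    raw = value.encode("utf-8", "replace")
    if len(raw) > MAX_COOKIE_BYTES or raw.count(b".") != 1:
        return None
    payload_hex, tag = raw.split(b".")
    # Constant-time comparison; reject anything this server did not issue.
    if not hmac.compare_digest(_tag(payload_hex), tag):
        return None
    try:
        # json.loads builds only dicts, lists, strings, numbers, booleans and
        # None; unlike pickle.loads it never instantiates arbitrary classes.
        return json.loads(binascii.unhexlify(payload_hex).decode("utf-8"))
    except ValueError:  # covers bad hex, bad UTF-8 and bad JSON
        return None


if __name__ == "__main__":
    cookie = encode_cookie_value({"user": "terry", "blob": "\x00\xff"})
    print(cookie)                        # hex digits and a single "."
    print(decode_cookie_value(cookie))   # the original dict
    flipped = ("1" if cookie[0] == "0" else "0") + cookie[1:]
    print(decode_cookie_value(flipped))  # None: tag no longer matches
```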


