What are security holes?

Irmen de Jong usenet at NOSPAM-irmen.cjb.net
Sat Jan 26 11:40:04 EST 2002


There are some obscure security issues with the pickle module.
Accepting pickled data from an untrusted source, whether directly,
or in a cookie header, is unsafe, because it is possible to tweak
the data in such ways that the unpickling code runs arbitrary code.

Be sure to use the 'plain' cookie, not the one using pickle to store
the cookie data.


Of course, this only applies if you are using Python for networking.

Regards
Irmen de Jong
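
The point made in the message above, as an added example that is not part of the original post: a pickle can instruct the loader to call something, which can be spotted without loading it, refused with a data-only unpickler, or avoided by keeping cookie values as plain strings. It assumes the 'plain' cookie corresponds to SimpleCookie in today's http.cookies; Marker, the helper names and the sample values are constructed for illustration.

```python
import io
import json
import pickle
import pickletools
from http.cookies import SimpleCookie

# Opcodes that make the unpickler import a name or call something.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


class Marker:
    """Constructed sample: its pickle tells the loader to call len("abc")."""
    def __reduce__(self):
        return (len, ("abc",))


def call_opcodes(blob):
    """List the import/call opcodes in a pickle without loading it."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(blob)
                   if op.name in CALL_OPCODES})


class DataOnlyUnpickler(pickle.Unpickler):
    """Rejects every global lookup, so only built-in containers and scalars load."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def load_data_only(blob):
    """Unpickle untrusted bytes, failing on anything that is not plain data."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def make_plain_cookie(key, data):
    """Store the value as a JSON string in a plain cookie (no pickle involved)."""
    jar = SimpleCookie()
    jar[key] = json.dumps(data)
    return jar.output(header="", sep="").strip()


def read_plain_cookie(header, key):
    """Parse the header as plain strings, then decode the value as JSON data."""
    jar = SimpleCookie()
    jar.load(header)
    return json.loads(jar[key].value)
```

Loading the Marker pickle with plain pickle.loads returns 3, the result of the call rather than stored data; load_data_only raises UnpicklingError on the same bytes.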





