[Web-SIG] Python pickle and web security.
Python
python at venix.com
Mon Sep 18 20:16:02 CEST 2006
On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
> Why do you assume the session store is untrusted? If someone can hack
> into my database, they can typically hack into my web application so
> it's pretty weird to consider the backend session store to be
> "untrusted".
You are assuming that the pickle is stored in a secure database. If the
pickle is in a cookie or some other client-side storage, then it is
definitely not to be trusted.
--
Lloyd Kvam
Venix Corp