authorBarry Warsaw <barry@python.org>2001-11-16 22:28:17 (GMT)
committerBarry Warsaw <barry@python.org>2001-11-16 22:28:17 (GMT)
commit0c0565dd7f389abc5cdf056374073088dd3f8d46 (patch)
tree0547b96ae1f758292cb45d96a3f52bc9d9f61487
parent5e17d20743c501efc93954359d3194e5af71878f (diff)
Toughen up the security warnings a bit.
-rw-r--r--Doc/lib/libcookie.tex21
1 files changed, 13 insertions, 8 deletions
diff --git a/Doc/lib/libcookie.tex b/Doc/lib/libcookie.tex
index 227add6..18468e7 100644
--- a/Doc/lib/libcookie.tex
+++ b/Doc/lib/libcookie.tex
@@ -42,11 +42,10 @@ This class derives from \class{BaseCookie} and overrides
\method{value_decode()} and \method{value_encode()} to be the
\function{pickle.loads()} and \function{pickle.dumps()}.
-Do not use this class. Reading pickled values from a cookie is a
-security hole, as arbitrary client-code can be run on
-\function{pickle.loads()}. It is supported for backwards
-compatibility.
-
+\strong{Do not use this class!} Reading pickled values from untrusted
+cookie data is a huge security hole, as pickle strings can be crafted
+to cause arbitrary code to execute on your server. It is supported
+for backwards compatibility only, and may eventually go away.
\end{classdesc}
\begin{classdesc}{SmartCookie}{\optional{input}}
@@ -56,9 +55,17 @@ valid pickle, and otherwise the value itself. It overrides
\method{value_encode()} to be \function{pickle.dumps()} unless it is a
string, in which case it returns the value itself.
-The same security warning from \class{SerialCookie} applies here.
+\strong{Note:} The same security warning from \class{SerialCookie}
+applies here.
\end{classdesc}
+A further security note is warranted. For backwards compatibility,
+the \module{Cookie} module exports a class named \class{Cookie} which
+is just an alias for \class{SmartCookie}. This is probably a mistake
+and will likely be removed in a future version. You should not use
+the \class{Cookie} class in your applications, for the same reason why
+you should not use the \class{SerialCookie} class.
+
\begin{seealso}
\seerfc{2109}{HTTP State Management Mechanism}{This is the state
@@ -181,8 +188,6 @@ The following example demonstrates how to use the \module{Cookie} module.
>>> C = Cookie.SimpleCookie()
>>> C = Cookie.SerialCookie()
>>> C = Cookie.SmartCookie()
->>> C = Cookie.Cookie() # backwards-compatible alias for SmartCookie
->>> C = Cookie.SmartCookie()
>>> C["fig"] = "newton"
>>> C["sugar"] = "wafer"
>>> print C # generate HTTP headers