Gregory (Grisha) Trubetskoy
grisha at modpython.org
Fri Nov 7 13:37:12 EST 2003

On Fri, 7 Nov 2003, Michael S. Fischer wrote:

> Hi Grisha,
>
> I have some comments WRT section 4.7.1 in the 3.1.2b mod_python manual.
>
> First, please explain to us why we need yet another cookie class,

Because it is more efficient and simpler to use within the mod_python
environment.

> especially one that has the same name as the package that ships with
> Python ("Cookie").

Since it resides inside the mod_python package I don't see how it matters.

> Second, it's really important that you emphasize the security risks of
> using MarshalCookie; see the Python documentation for SerialCookie to
> see why.

There are no known security risks of using MarshalCookie. At least none
that I am aware of, and I researched the subject pretty thoroughly.

First - MarshalCookie is a subclass of SignedCookie, so all MarshalCookies
are signed, which makes it impossible to alter the cookie value.

Second, there is a distinction between "marshalling" and "pickling", which
is what SerialCookie uses. The process of unmarshalling does not execute
arbitrary code.

> Also, there are efficient-length considerations; constructing
> cookies representing 100kB data structures would not be "best practice."

Apache will limit any header length to about 4k :-)

Grisha
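
An added example, not mod_python's own code and not part of the original message: the sign-then-marshal scheme described in the reply above, with the signature checked before anything is unmarshalled. HMAC-SHA256, the base64 encoding, the function names and the 4096-byte cap are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import marshal

MAX_LEN = 4096   # assumption: stands in for the "about 4k" header limit
SIG_LEN = 64     # hex length of an HMAC-SHA256 digest


class CookieError(ValueError):
    """Raised for any cookie that must not be trusted."""


def _sign(payload: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, payload, hashlib.sha256).hexdigest().encode("ascii")


def encode_cookie(value, secret: bytes) -> str:
    """Marshal `value`, base64 it, and prepend an HMAC over the encoded payload."""
    payload = base64.urlsafe_b64encode(marshal.dumps(value))
    cookie = (_sign(payload, secret) + payload).decode("ascii")
    if len(cookie) > MAX_LEN:
        raise CookieError("cookie exceeds header budget")
    return cookie


def decode_cookie(cookie: str, secret: bytes):
    """Verify the HMAC first; only an authentic payload reaches marshal.loads."""
    raw = cookie.encode("utf-8")
    if not SIG_LEN < len(raw) <= MAX_LEN:
        raise CookieError("bad length")
    sig, payload = raw[:SIG_LEN], raw[SIG_LEN:]
    if not hmac.compare_digest(sig, _sign(payload, secret)):  # constant-time
        raise CookieError("signature mismatch")
    try:
        return marshal.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, EOFError, TypeError) as exc:
        raise CookieError("malformed payload") from exc


if __name__ == "__main__":
    key = b"constructed-demo-secret"          # constructed sample key
    session = {"user": "alice", "visits": 3}  # constructed sample value
    c = encode_cookie(session, key)
    print(decode_cookie(c, key))
    try:
        decode_cookie(c[:-1] + ("A" if c[-1] != "A" else "B"), key)
    except CookieError as err:
        print("rejected:", err)
```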