Joseph Barillari
joeb at mit.edu
Fri Jun 9 13:48:18 EDT 2006
On Fri, Jun 09, 2006 at 10:33:11AM -0700, David Bear wrote:
> Many thanks for all the great comments and suggestions.
>
> I do see how passing a pickled in a form object is any less secure
> than passing the same information in a string. It would be easy to
> add two items to make it 'unbreakable'.
>
> First, after base64 encoding the pickle, I could create an md5sum and
> put that into a second form element. Then, I could include one
> non-pickled item in a third form element. So, it would look something
> like this.
>
> shorthand pseudo code (not python)
> form1 = [name, address, phone]
> pickledform1 = base64(pickle(form1))
> check = md5sum(pickledform1)
> form1 = [pickledform1, name(from form 1), check, additional form fields]

I assume you'd make sure that md5(base64(pickledform1)) == check after
each POST. This doesn't buy you any security. An adversary can just as
easily substitute a poison pickle and the correct hash of the poison
pickle. Append a secret to your pickle before hashing it to prevent
this. (c.f. HMAC.)

> Really, the only point of pickling the items from the first form is
> just to save effort when collecting and handling the form data from
> the second form.
>
> However, if that is the only thing that is gained from doing this..
> then it's not much.
>
> I'm still hesitating using session objects as I don't understand
> them.. and have read too many things about problems they cause.

Avoiding the complexity of session management is probably not a bad
idea, but there are less complex ways of doing it. Key management can
be a pain -- I suggest flattening your session data to a 'safe' format
-- perhaps to JSON or to XML.

Joe

--
Joseph Barillari
joeb at mit.edu
107 Ave. Louis Pasteur, Vandy Box 121, Boston, MA 02115
617-519-9250 (mobile)
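An added illustration of the two points made in the reply above (an unkeyed md5 check gives no integrity, a keyed HMAC does), written for this page and not code from either poster; the key, field names and sample form values are constructed, and the form is flattened to JSON rather than pickle as Joe suggests:

```python
import base64
import hashlib
import hmac
import json

# Constructed example key: in practice load it from server-side configuration,
# never from anything the client submits.
SERVER_KEY = b"example-server-side-secret"


def encode_form(form: dict) -> bytes:
    """Flatten the form to JSON (not pickle) and base64 it for a hidden field."""
    return base64.urlsafe_b64encode(json.dumps(form, sort_keys=True).encode())


def unkeyed_check(payload: bytes) -> str:
    """The check proposed in the thread: md5 of the payload, no secret."""
    return hashlib.md5(payload).hexdigest()


def keyed_check(payload: bytes, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 over the payload using a secret only the server holds."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_unkeyed(payload: bytes, check: str) -> bool:
    """Accepts any payload whose md5 the submitter chose to send along."""
    return hmac.compare_digest(unkeyed_check(payload), check)


def verify_keyed(payload: bytes, tag: str, key: bytes = SERVER_KEY):
    """Return the decoded form only if the HMAC matches; verify before parsing."""
    if not hmac.compare_digest(keyed_check(payload, key), tag):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def demo() -> dict:
    original = {"name": "Ada", "address": "1 Example St", "phone": "555-0100"}
    edited = dict(original, address="99 Elsewhere Rd")  # constructed altered field
    p_orig, p_edit = encode_form(original), encode_form(edited)
    return {
        # whoever holds the form can recompute md5 for whatever they changed
        "unkeyed_accepts_edited": verify_unkeyed(p_edit, unkeyed_check(p_edit)),
        # without the server key, the tag issued earlier does not cover new data
        "keyed_rejects_edited": verify_keyed(p_edit, keyed_check(p_orig)) is None,
        "keyed_accepts_original": verify_keyed(p_orig, keyed_check(p_orig)) == original,
    }
```

The HMAC comparison runs before any deserialisation, which is the order that matters regardless of whether the payload is JSON or pickle.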