Jorey Bump
list at joreybump.com
Fri Jun 9 13:55:39 EDT 2006
David Bear wrote:

> Many thanks for all the great comments and suggestions.
>
> I do see how passing a pickle in a form object is any less secure
> than passing the same information in a string. It would be easy to
> add two items to make it 'unbreakable'.
>
> First, after base64 encoding the pickle, I could create an md5sum and
> put that into a second form element. Then, I could include one
> non-pickled item in a third form element. So, it would look something
> like this.
>
> shorthand pseudo code (not python)
> form1 = [name, address, phone]
> pickledform1 = base64(pickle(form1))
> check = md5sum(pickledform1)
> form1 = [pickledform1, name(from form 1), check, additional form fields]

If I understand your pseudocode correctly, I could still unencode the pickle, alter it, reencode it, generate a new md5sum, then submit it.

You could mitigate this by storing the md5sum on the server only for comparison, but then you might as well just save the pickle on the server. Of course, you could extend this by using only the md5sum as a hidden form input value to locate/identify the pickle on the server, but an ordinary randomized string is good enough for that.

It all depends on the problem you're trying to solve, and the risks involved with exposing the pickle data or letting it be altered. Just keep in mind that exchanging the pickle with the client for the sake of offloading the storage won't save you much if it increases latency and the bandwidth used by your application. As a cookie replacement for session management, it's kind of interesting, though (as long as altering it doesn't allow access to other user accounts, for example).
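The two schemes discussed above, as an added example that is not code from either poster: the quoted base64(pickle)+md5 form scheme, whose check any client can recompute, beside the server-side alternative where the client only holds a random token. The form contents and the in-memory store are constructed for illustration.

```python
# Added example (not from the thread): client-held pickle with an md5
# check, versus keeping the pickle on the server behind a random token.
import base64
import hashlib
import pickle
import secrets

def client_side_pack(form):
    """The quoted scheme: base64(pickle(form)) plus an md5 of that string."""
    blob = base64.b64encode(pickle.dumps(form))
    check = hashlib.md5(blob).hexdigest()
    return blob, check

def client_side_verify(blob, check):
    """No secret is involved, so anyone who can run md5 can produce a
    matching check; this only catches accidental corruption, not alteration."""
    return hashlib.md5(blob).hexdigest() == check

# Constructed stand-in for a server-side session store (dict in memory).
SERVER_STORE = {}

def server_side_store(form):
    """Keep the pickle on the server; the client gets only a random token."""
    token = secrets.token_urlsafe(32)
    SERVER_STORE[token] = pickle.dumps(form)
    return token

def server_side_load(token):
    """Look the pickle up by token; an unknown token yields None and
    nothing supplied by the client is ever unpickled."""
    data = SERVER_STORE.get(token)
    return None if data is None else pickle.loads(data)

def demo():
    form = ["Alice", "1 Main St", "555-0100"]   # constructed form data
    blob, check = client_side_pack(form)
    # A modified copy with a freshly computed check still verifies.
    altered = pickle.loads(base64.b64decode(blob))
    altered[0] = "Mallory"
    blob2, check2 = client_side_pack(altered)
    tampered_passes = client_side_verify(blob2, check2)
    # With server-side storage the client cannot change what the token maps to.
    token = server_side_store(form)
    return tampered_passes, server_side_load(token), server_side_load("bogus")
```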