[issue34915] LWPCookieJar.save() creates *.lwp file in 644 mode

2021-03-13 Thread Martin Panter
Martin Panter added the comment: I don't have a strong opinion, but it does seem a sensible change that matches the high-level nature of the "cookiejar" module, with low risk of users relying on the current file permissions. On the other hand, the "curl" command seems to use the default

[issue34915] LWPCookieJar.save() creates *.lwp file in 644 mode

2020-10-21 Thread Christian Heimes
Change by Christian Heimes : -- assignee: christian.heimes -> nosy: -christian.heimes versions: +Python 3.10, Python 3.8, Python 3.9 -Python 2.7, Python 3.4, Python 3.5 ___ Python tracker

[issue34915] LWPCookieJar.save() creates *.lwp file in 644 mode

2019-05-05 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment: Martin, any thoughts on this change? -- nosy: +martin.panter ___ Python tracker ___

[issue34915] LWPCookieJar.save() creates *.lwp file in 644 mode

2019-03-29 Thread Karthikeyan Singaravelan
Karthikeyan Singaravelan added the comment: I guess this is a good choice and distutils stores .pypirc [0] in this manner that has username and password. [0] https://github.com/python/cpython/blob/2f54908afc5665937d763510b4430f10cf764641/Lib/distutils/config.py#L45 -- nosy:

[issue34915] LWPCookieJar.save() creates *.lwp file in 644 mode

2018-10-06 Thread Ales Kvapil
New submission from Ales Kvapil : The LWPCookieJar.save() creates an *.lwp file containing session cookies in non-safe 644 mode (everyone can read it). This is not a secure behavior, especially for storing session keys or session cookies. The file should be created in 600 mode in my opinion.