[EMAIL PROTECTED] wrote:
> ... However, point taken on the data coming from a
> cookie. I'll wrap handling the flash data in a try statement to handle
> if the data is invalid for 1.0rc3. I should have thought of that
> sooner.

It's a bigger problem than the pickle module throwing an exception on
invalid data.  Unpickling is completely unsecure.  By unpickling a
cookie you're allowing anyone sending that cookie to execute whatever
code they want.

                            Ross Ridge
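
An added example, not part of the original message or of the project's code: one way to carry flash data in a cookie without unpickling it is to serialize it as JSON and authenticate it with an HMAC before parsing. The names `SECRET_KEY`, `encode_flash` and `decode_flash` are hypothetical, and the key value is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret that is never sent to the client (constructed value).
SECRET_KEY = b"constructed-demo-key-replace-me"


def _tag(payload, key):
    """HMAC-SHA256 over the encoded payload, as ASCII hex bytes."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode("ascii")


def encode_flash(data, key=SECRET_KEY):
    """Serialize flash data as JSON (data only, no code) and append an HMAC tag."""
    raw = json.dumps(data, separators=(",", ":")).encode("utf-8")
    payload = base64.urlsafe_b64encode(raw)
    return (payload + b"." + _tag(payload, key)).decode("ascii")


def decode_flash(cookie, key=SECRET_KEY):
    """Return the flash dict, or None if the cookie is missing, malformed or forged."""
    if not cookie:
        return None
    try:
        payload, tag = cookie.encode("ascii").rsplit(b".", 1)
    except (UnicodeEncodeError, ValueError):
        return None  # non-ASCII input or no "." separator
    # Verify the tag in constant time BEFORE parsing anything the client sent.
    if not hmac.compare_digest(tag, _tag(payload, key)):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(payload).decode("utf-8"))
    except (ValueError, UnicodeDecodeError):
        return None  # bad base64 or bad JSON
    return data if isinstance(data, dict) else None


if __name__ == "__main__":
    cookie = encode_flash({"notice": "Profile saved"})  # constructed sample
    print(decode_flash(cookie))               # the original dict
    print(decode_flash(cookie[:-1] + "0"))    # altered tag is rejected
```

Wrapping `pickle.loads` in a try statement only handles data that fails to parse; here the parser is JSON, which cannot run code, and client data that fails the HMAC check never reaches it.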
