[EMAIL PROTECTED] wrote:
> ... However, point taken on the data coming from a
> cookie. I'll wrap handling the flash data in a try statement to handle
> if the data is invalid for 1.0rc3. I should have thought of that
> sooner.

It's a bigger problem than the pickle module throwing an exception on invalid data. Unpickling is completely unsecure. By unpickling a cookie you're allowing anyone sending that cookie to execute whatever code they want.

Ross Ridge
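
One way to carry flash data in a cookie without unpickling it, as an added example that is not part of the original thread or of the project under discussion: the data is serialized as JSON and authenticated with an HMAC that is checked before anything is parsed. The names `SECRET_KEY`, `encode_flash` and `decode_flash` are hypothetical, and the key shown is a constructed sample.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key (assumption); a real deployment loads a random
# secret from server-side configuration and never ships it to the client.
SECRET_KEY = b"constructed-sample-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 over the serialized flash data."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def encode_flash(data: dict) -> str:
    """Serialize flash data as JSON (data only, no code) and prepend the tag."""
    payload = json.dumps(data, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(_sign(payload) + payload).decode("ascii")


def decode_flash(cookie_value):
    """Return the flash dict, or None if the cookie is forged or malformed."""
    if not isinstance(cookie_value, str):
        return None
    try:
        raw = base64.urlsafe_b64decode(cookie_value.encode("ascii"))
    except ValueError:  # covers bad base64 and non-ASCII input
        return None
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    # Verify the tag in constant time before parsing client-supplied bytes.
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, _sign(payload)):
        return None
    try:
        data = json.loads(payload.decode("utf-8"))
    except ValueError:  # covers invalid UTF-8 and invalid JSON
        return None
    return data if isinstance(data, dict) else None
```

A cookie that fails verification is treated the same as an absent one, so a forged or corrupted value never reaches a deserializer.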