Hmm, sounds like this is a case where I am still learning python.
Looks like I will be making some changes. I thought pickle was just a
way to serialize data structures, but now after poking around a bit I
see how dangerous it really can be. Thanks Ross.

Since Django is included within appengine, I believe that means
simplejson is available to all users right? Looks like I've got some
playing around to do.

On Oct 19, 8:58 pm, Ross Ridge <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > ... However, point taken on the data coming from a
> > cookie. I'll wrap handling the flash data in a try statement to handle
> > if the data is invalid for 1.0rc3. I should have thought of that
> > sooner.
>
> It's a bigger problem than the pickle module throwing an exception on
> invalid data.  Unpickling is completely insecure.  By unpickling a
> cookie you're allowing anyone sending that cookie to execute whatever
> code they want.
>
>                             Ross Ridge
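An added example, not code from either poster: a flash-cookie round trip that serializes with json (the stdlib module with the same API as the simplejson discussed above) instead of pickle, and adds an HMAC tag so a tampered or malformed cookie is rejected instead of parsed. The key value and cookie contents are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed example key; a real app loads a real secret from configuration.
SECRET_KEY = b"example-secret-do-not-use"


def encode_flash(data, key=SECRET_KEY):
    """Serialize a flash dict to a cookie-safe string: JSON -> base64 -> HMAC tag."""
    payload = base64.urlsafe_b64encode(
        json.dumps(data, separators=(",", ":")).encode("utf-8")
    )
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode("ascii") + "." + tag


def decode_flash(cookie, key=SECRET_KEY):
    """Return the flash dict, or None if the cookie is missing, tampered with or malformed.

    json.loads only ever builds dicts, lists, strings, numbers and booleans, so a
    hostile cookie can at worst fail to parse; it cannot run code as pickle.loads can.
    The HMAC check runs first, so unsigned data is never even handed to the parser.
    """
    if not cookie or "." not in cookie:
        return None
    payload, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(payload.encode("ascii")))
    except (ValueError, TypeError):
        return None
    return data if isinstance(data, dict) else None


if __name__ == "__main__":
    cookie = encode_flash({"msg": "Profile saved"})
    print(cookie)
    print(decode_flash(cookie))            # the original dict
    print(decode_flash(cookie + "0"))      # None: tag altered
    print(decode_flash("not-a-cookie"))    # None: malformed
```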
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en