Paul Rubin wrote:
> Dave Brueck <[EMAIL PROTECTED]> writes:
> 
>>One thing from your experience that did resonate with me is that,
>>except for ftplib and occasionally urllib (for basic, one-shot GETs),
>>we don't use any of the standard library's "protocol" modules - partly
>>because we had to implement our own HTTP libraries for performance and
>>scalability reasons anyway, and partly because we had trouble figuring
>>out e.g. all the ins and outs of urllib/urllib2/httplib.
> 
> 
> What do you use for HTTPS?

Hi Paul,

m2crypto (plus some patches to make asynchronous SSL do what we needed).

> And did you use the Cookie module in your
> HTTP servers?  You may have had problems without even being aware of
> them (until recently if you used Cookie with its default settings, any
> attacker could completely take over your server by sending you
> carefully concoted cookies).

Are you referring to the use of pickle for cookie serialization? In any case, 
we 
didn't use Cookie.py from the stdlib (on the servers, nearly everything related 
to URLs & HTTP was custom-built, with the exception of urlparse, for the 
aforemenioned reasons).

-Dave
-- 
http://mail.python.org/mailman/listinfo/python-list

Reply via email to