Yuen Ho Wong <wyue...@gmail.com> added the comment: Ok I wasn't sure what security hole you were referring to, now I understand better.
Here's a pseudo code solution: if isinstance(who_userid, int): who_userid = "int(" + who_userid + ")" elif isinstance(who_userid, float): who_userid = "float(" + who_userid + ")" elif isinstance(who_userid, str): pass else: raise ValueError When you parse the cookie, just do eval(). When the type is a str, check the global charset var for an appropriate charset to decode to. Is this an accceptable solution? __________________________________ Repoze Bugs <b...@bugs.repoze.org> <http://bugs.repoze.org/issue101> __________________________________ _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev