On 1/12/07, Gulopine <[EMAIL PROTECTED]> wrote:
...
> I should note, however, that security extends only so far as preventing
> a user from tampering with the cookie. If the cookie itself is
> compromised and removed from the computer by an attacker, it would
> presumably still be considered
> Can you explain the reasons why one would want to use signed cookies?
> What (presumably security) issues are they intended to overcome?
Yes, the main concept here is security. Since the signature is based on
name and value of the cookie as well as the project's SECRET_KEY, a
change to any one
Gulopine wrote:
> I've taken the liberty of writing up a contrib middleware to
> transparently implement signed cookies in a Django app. It automatically
> signs and validates all cookies on its own, without any other code
> needing to know a thing about it.
Can you explain the reasons why one
I've taken the liberty of writing up a contrib middleware to
transparently implement signed cookies in a Django app. It automatically
signs and validates all cookies on its own, without any other code
needing to know a thing about it. That is, it cleans up after itself,
so that views and other