On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
> Why do you assume the session store is untrusted? If someone can hack
> into my database, they can typically hack into my web application so
> it's pretty weird to consider the backend session store to be
> "untrusted".

You are assuming that the pickle is stored in a secure database. If the pickle is in a cookie or some other client-side storage, then it is definitely not to be trusted.

-- 
Lloyd Kvam
Venix Corp

_______________________________________________
Web-SIG mailing list
Web-SIG@python.org
Web SIG: http://www.python.org/sigs/web-sig
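
The point made in the reply above, as an added example that is not part of the original thread: session data held in a cookie is serialized as JSON rather than pickle and carries an HMAC-SHA256 tag that is verified before any parsing happens. The function names, the cookie layout and the key are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for the example; a real deployment loads it from secret storage.
SECRET_KEY = b"example-only-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def encode_session(data: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize session data as JSON and append an HMAC-SHA256 tag."""
    payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64(payload) + "." + _b64(_mac(payload, key))


def decode_session(cookie: str, key: bytes = SECRET_KEY):
    """Return the session dict, or None if the cookie fails any check.

    The tag is verified before the payload is parsed, so bytes the server
    did not produce never reach a deserializer.
    """
    try:
        payload_part, tag_part = cookie.split(".")
        payload = _unb64(payload_part)
        tag = _unb64(tag_part)
    except (ValueError, TypeError):
        return None  # wrong shape or invalid base64
    if not hmac.compare_digest(tag, _mac(payload, key)):
        return None  # modified payload or wrong key
    try:
        data = json.loads(payload.decode("utf-8"))
    except ValueError:
        return None
    return data if isinstance(data, dict) else None
```

The tag gives integrity only: the client can still read the cookie contents, so nothing confidential belongs in the payload.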