On Sep 18, 2006, at 2:16 PM, Python wrote:

> On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
>> Why do you assume the session store is untrusted? If someone can hack
>> into my database, they can typically hack into my web application so
>> it's pretty weird to consider the backend session store to be
>> "untrusted".
>
> You are assuming that the pickle is stored in a secure database.
> If the pickle is in a cookie or some other client side storage, then
> it is definitely not to be trusted.

Right. Storing pickles in cookies is a very bad idea. Hopefully, no one
is doing that.

Jim

--
Jim Fulton          mailto:[EMAIL PROTECTED]    Python Powered!
CTO                 (540) 361-1714              http://www.python.org
Zope Corporation    http://www.zope.com         http://www.zope.org
_______________________________________________
Web-SIG mailing list
Web SIG: http://www.python.org/sigs/web-sig
