On Mon, 2006-09-18 at 14:24 -0400, Jim Fulton wrote:
> On Sep 18, 2006, at 2:16 PM, Python wrote:
>
> > On Mon, 2006-09-18 at 10:27 -0700, Ben Bangert wrote:
> >> Why do you assume the session store is untrusted? If someone can hack
> >> into my database, they can typically hack into my web application so
> >> it's pretty weird to consider the backend session store to be
> >> "untrusted".
> >
> > You are assuming that the pickle is stored in a secure database.
> > If the
> > pickle is in a cookie or some other client side storage, then it is
> > definitely not to be trusted.
>
> Right. Storing pickles in cookies is a very bad idea.
> Hopefully, no one is doing that.

As it happens, I am not using cookies to store pickles, but I've
considered it. What makes it "a very bad idea"?

>
> Jim
>
> --
> Jim Fulton           mailto:[EMAIL PROTECTED]    Python Powered!
> CTO                  (540) 361-1714              http://www.python.org
> Zope Corporation     http://www.zope.com         http://www.zope.org
>
>
>
--
Lloyd Kvam
Venix Corp
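
Added example, not part of the original thread or any poster's code: the point made above, that a cookie or other client-side store is not to be trusted, shown in Python. SECRET_KEY and the helper names are hypothetical; the cookie carries JSON with an HMAC tag that is checked before parsing, and the last helper shows that a pickle stream can name importable globals for the loader to resolve, which JSON cannot.

```python
import base64
import hashlib
import hmac
import io
import json
import pickle

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients


def _sign(body: bytes) -> bytes:
    """HMAC-SHA256 tag over the encoded cookie body, as hex bytes."""
    return hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest().encode()


def encode_cookie(session: dict) -> str:
    """Serialize as data-only JSON and append a tag the client cannot forge."""
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()


def decode_cookie(cookie: str):
    """Return the session dict, or None if this server did not produce the value."""
    body, sep, tag = cookie.encode().partition(b".")
    # Verify first, in constant time; unauthenticated bytes are never parsed.
    if not sep or not hmac.compare_digest(tag, _sign(body)):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module.name lookup a stream requests."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"pickle names {module}.{name}")


def pickle_global_refs(data: bytes):
    """Report the first global a pickle asks the loader to import, else None."""
    try:
        NoGlobalsUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return str(exc)
    return None
```

A plain `pickle.loads` on the same bytes would resolve the named global instead of refusing it, so with pickle the sender of the bytes, not the server, chooses what gets imported.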