[Zope] cookie problem

Hung Jung Lu hungjunglu@hotmail.com
Tue, 01 Feb 2000 09:48:13 PST


>From: Martijn Pieters <mj@digicool.com>
>Erm... you guys realizing that you are opening a gaping security hole
>here?

You are right. An astronomical worm-hole. :)

Personally, I do the following things:

(1) I only use cookies that are encrypted.
(2) I avoid using serialization (pickle).

On point (1): why would anyone want to expose the recipe
of their cookies? If you don't do that with real cookies,
why would you do it with internet cookies? :)

On point (2): If it is pure data, don't pickle it.
Don't be lazy. Write an output format for it. You'll be
glad, because you will be able to handle the data from
something other than Python.

If it is really necessary to keep track of large objects,
it's better to store and retrieve them on the server
side. I remember someone wrote a How-to on this:
http://www.zope.org/Members/gaaros/localcookies

Hung Jung

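An added example, not from this thread, of points (1) and (2) in code: the cookie carries plain JSON instead of a pickle, plus an HMAC tag so the server rejects any value it did not issue (integrity through a signature rather than encryption; encrypt as well if the contents must also stay private). It assumes a server-side secret `SECRET_KEY`; the key, `encode_cookie` and `decode_cookie` are constructed for this example.

```python
# Added example (not from the original thread): a cookie format that avoids
# pickle and carries an HMAC-SHA256 tag so tampering is detected.
# SECRET_KEY is a constructed placeholder; a real server keeps it private.
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(raw: bytes) -> str:
    # URL-safe base64 without padding, so the value survives in a cookie header.
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_cookie(data: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize plain data as JSON (never pickle) and append an HMAC tag."""
    body = json.dumps(data, separators=(",", ":"), sort_keys=True).encode()
    payload = _b64(body)
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def decode_cookie(value: str, key: bytes = SECRET_KEY):
    """Return the dict if the tag verifies, otherwise None.

    Only JSON is parsed, so a forged cookie can yield data at most, never
    code execution as an unpickle would.
    """
    try:
        payload, tag = value.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking the tag byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        data = json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    return data if isinstance(data, dict) else None
```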