Re: [Karrigell-main] First-time User
From: Pierre Q. <que...@wa...> - 2003-09-17 19:31:02
Hello William,

Thanks for mentioning the Deprecation message, I should move to Python 2.3 now!

I've changed SmartCookie into SimpleCookie as suggested by Andrew (nice reading you again!) and I've found it worked as before.

For Didier: I have restored the directory change in karrigellHandle, for the reason I mentioned in my mail.

Cheers,
Pierre

----- Original Message -----
From: "Andrew Nelis" <an...@ni...>
To: <kar...@li...>
Sent: Wednesday, September 17, 2003 11:44 AM
Subject: Re: [Karrigell-main] First-time User

> William Trenker wrote:
> > Hello,
>
> Hello,
>
> > First, I notice the following DeprecationWarning. Is there a real security concern here?
> >
> > /src/Karrigell# python Karrigell.py -P 8081
> > Karrigell 1.2 ok
> > /usr/local/lib/python2.3/Cookie.py:712: DeprecationWarning: Cookie/SmartCookie class is insecure; do not use it
> > DeprecationWarning)
> >
>
> http://groups.google.co.uk/groups?selm=7xd6whehjj.fsf%40ruckus.brouhaha.com
>
> Has this to say:
>
> > WARNING! DANGER WILL ROBINSON! The default ("smart") cookie class
> > defined by that module uses pickle to encode arbitrary Python objects
> > into cookies. This creates a security hole at the server side since
> > attackers can create cookies that instantiate class instances with
> > malicious data passed to the class initializers. Don't use smart cookies.
>
> The solution just is to replace instances of SmartCookie with
> SimpleCookie which doesn't use the pickle stuff. I think it appears
> twice in Karrigell.py. I've tried this, it seems to work though I'm not
> on python 2.3 yet (long loading time and my modules still use 2.2 :| )
> so you might still get the warning.
>
>
> Cheers,
>
> Andrew.
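The difference discussed in this thread, as an added Python 3 example that is not part of the original messages or of Karrigell: `PickleCookie` is a constructed stand-in for the removed `SmartCookie` decode step (base64-wrapped here because Python 3 pickles are bytes), compared with `SimpleCookie` on the same constructed header. Going one step beyond the thread, `sign`/`verify` (hypothetical helpers, placeholder `KEY`) show HMAC-tagged JSON for code that really needs structured values in a cookie.

```python
import base64, hashlib, hmac, json, pickle
from fractions import Fraction
from http.cookies import SimpleCookie

KEY = b"constructed-demo-key"  # placeholder; a real key lives in server-side config


class PickleCookie(SimpleCookie):
    """Assumed reconstruction of SmartCookie decoding: unpickle if possible, else str."""

    def value_decode(self, val):
        text, raw = super().value_decode(val)
        try:
            # The client-supplied bytes decide which class gets instantiated here.
            return pickle.loads(base64.b64decode(text, validate=True)), raw
        except Exception:
            return text, raw


def parse(cookie_cls, header):
    """Parse a Cookie header with the given class and return the 'prefs' value."""
    jar = cookie_cls()
    jar.load(header)
    return jar["prefs"].value


def sign(obj):
    """Encode a JSON-serialisable value as 'payload.tag' for use as a cookie value."""
    body = base64.urlsafe_b64encode(json.dumps(obj).encode()).decode()
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify(value):
    """Return the decoded value, or None when the tag does not match the payload."""
    body, _, tag = value.partition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


# Constructed client header: the value is a pickle of a harmless stdlib object.
CLIENT_HEADER = "prefs=" + base64.b64encode(pickle.dumps(Fraction(1, 3))).decode()

if __name__ == "__main__":
    print(type(parse(PickleCookie, CLIENT_HEADER)))  # type chosen by the cookie
    print(type(parse(SimpleCookie, CLIENT_HEADER)))  # always a plain string
    print(verify(parse(SimpleCookie, "prefs=" + sign({"theme": "dark"}))))
```

With `SimpleCookie` the value stays an inert string, so any object that used to be stored through `SmartCookie` has to be re-encoded explicitly rather than recovered by unpickling.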