➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2002-12-18 14:37 by akuchling, last changed 2022-04-10 16:06 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| cookie.diff | akuchling, 2002-12-18 14:43 | Add warnings to unsafe Cookie classes | ||
| Messages (4) | |||
|---|---|---|---|
| msg42029 - (view) | Author: A.M. Kuchling (akuchling) *  |
Date: 2002-12-18 14:37 | |
The attached patch adds a warning when the SerialCookie and SmartCookie classes are instantiated. 2.2.2's docs warn against using the classes. If this patch is accepted, 2.3 will warn whenever the classes are used, and they can be removed in 2.4. (Is there a PEP which records things to remove so we don't forget? PEP 4 lists entire modules, but not classes or methods.) Alternatively, we could say this is a serious security risk and just rip the classes out without deprecating them first; that would require a BDFL pronouncement, I think. |
|||
| msg42030 - (view) | Author: A.M. Kuchling (akuchling) * |
Date: 2002-12-18 14:43 | |
Logged In: YES user_id=11375 SF didn't accept my attached patch; trying again... |
|||
| msg42031 - (view) | Author: Raymond Hettinger (rhettinger) * |
Date: 2002-12-29 00:34 | |
Logged In: YES user_id=80475 I would use the term "insecure" rather than "unsafe" which is overly broad and may imply instability rather an insecurity. Otherwise, the patch is fine. |
|||
| msg42032 - (view) | Author: A.M. Kuchling (akuchling) * |
Date: 2002-12-29 18:20 | |
Logged In: YES user_id=11375 Checked in. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-10 16:06:02 | admin | set | github: 37627 |
| 2002-12-18 14:37:32 | akuchling | create | |