On Sep 24, 10:18 am, Simon Willison <[email protected]> wrote: > This offers two APIs: sign/unsign and dumps/loads. sign and unsign > generate and append signatures to bytestrings and confirm that they > have not been tampered with. dumps and loads can be used to create > signed pickles of arbitrary Python objects.
Unpickling data sent by the client seems dangerous, since it can execute arbitrary code on the server [1]. Obviously signing the data goes a long way toward preventing such attacks, but I'm still not comfortable with the idea that a leaked signing key could instantly be escalated to arbitrary code execution. (For example, if the config files are exposed through a misconfigured web server or accidentally checked into public source control.) If you use JSON or some other object serialization by default, then the damage from a leaked secret key would be much more limited in most cases. 1. http://nadiana.com/python-pickle-insecure#HowtoMakeUnpicklingSafer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
