#9489: Unnecessary validation of internal data in contrib.sessions --------------------------------------------------+------------------------- Reporter: Grzegorz Lukasik <[EMAIL PROTECTED]> | Owner: nobody Status: new | Milestone: Component: django.contrib.sessions | Version: 1.0 Keywords: sessions get_decoded md5 tamper | Stage: Unreviewed Has_patch: 0 | --------------------------------------------------+------------------------- In django/contrib/sessions/models.py in method get_decoded data from database is verified for some reason (with md5 signature). The signature is added by method SessionManager.encode. Why internal data is checked if it cannot be alter by an external user?
-- Ticket URL: <http://code.djangoproject.com/ticket/9489> Django <http://code.djangoproject.com/> The Web framework for perfectionists with deadlines. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---
