New submission from Brandon Bloom <snprbo...@gmail.com>: This issue came up while doing Google App Engine development. Apparently the default wsgi handler logic is to cache os.environ into os_environ at import time. This is reasonable behavior for wsgi, but when using cgi, this is a serious security hole which leaks information between requests.
See this related bug at GAE: http://code.google.com/p/googleappengine/issues/detail? id=2040&q=cookies%20dev_appserver.py&colspec=ID%20Type%20Status%20Priority %20Stars%20Owner%20Summary%20Log%20Component ---------- components: Library (Lib) messages: 94819 nosy: snprbob86 severity: normal status: open title: wsgiref.handlers.CGIHandler caches os.environ, leaking info between requests type: security versions: Python 2.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue7250> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
