On 12:21 am, m...@gsites.de wrote:
Am 04.11.2010 17:15, schrieb anatoly techtonik:
> pickle is insecure, marshal too.
If the transport or storage layer is not save, you should
cryptographically sign the data anyway::
def pickle_encode(data, key):
msg = base64.b64encode(pickle.dumps(data, -1))
sig = base64.b64encode(hmac.new(key, msg).digest())
return sig + ':' + msg
def pickle_decode(data, key):
if data and ':' in data:
sig, msg = data.split(':', 1)
if sig == base64.b64encode(hmac.new(key, msg).digest()):
return pickle.loads(base64.b64decode(msg))
raise pickle.UnpicklingError("Wrong or missing signature.")
Bottle (a web framework) uses a similar approach to store non-string
data in client-side cookies. I don't see a (security) problem here.
Your pickle_decode leaks information about the key. An attacker will
eventually (a few seconds to a few minutes, depending on how they have
access to this system) be able to determine your key and send you
arbitrary pickles (ie, execute arbitrary code on your system).
Oops.
This stuff is hard. If you're going to mess around with it, make sure
you're *serious* (better approach: don't mess around with it).
Jean-Paul
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
