On 12:21 am, m...@gsites.de wrote:
Am 04.11.2010 17:15, schrieb anatoly techtonik:
> pickle is insecure, marshal too.

If the transport or storage layer is not save, you should cryptographically sign the data anyway::

    def pickle_encode(data, key):
        msg = base64.b64encode(pickle.dumps(data, -1))
        sig = base64.b64encode(hmac.new(key, msg).digest())
        return sig + ':' + msg

    def pickle_decode(data, key):
        if data and ':' in data:
            sig, msg = data.split(':', 1)
            if sig == base64.b64encode(hmac.new(key, msg).digest()):
                return pickle.loads(base64.b64decode(msg))
        raise pickle.UnpicklingError("Wrong or missing signature.")

Bottle (a web framework) uses a similar approach to store non-string data in client-side cookies. I don't see a (security) problem here.

Your pickle_decode leaks information about the key. An attacker will eventually (a few seconds to a few minutes, depending on how they have access to this system) be able to determine your key and send you arbitrary pickles (ie, execute arbitrary code on your system).

Oops.

This stuff is hard. If you're going to mess around with it, make sure you're *serious* (better approach: don't mess around with it).

Jean-Paul
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to