On 1/17/06, Matthew Bevan <[EMAIL PROTECTED]> wrote:
> Similar limitations hold true for classes. Executable code, say uncompiled
> Python or Python bytecode, is not pickled or unpickled as such. Thus, we
> determined the risk to be exceedingly small. The risk is further reduced by
> the lack of exec() statements in the tg_flash handling code. Also, I've
> added a small checksum to the cookie to help prevent spoofing, for whatever
> reason someone may.

You're certainly right that the lack of exec() helps, but I'd still pose the question on c.l.py before putting pickles in cookies.

Kevin
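
Added example, not part of the original message and not TurboGears code: a flash-message cookie protected by a keyed HMAC and checked before anything is decoded, next to an unkeyed checksum that any client can recompute. It swaps in JSON for pickle so the cookie carries data only; the function names, the cookie layout and SECRET_KEY are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import zlib

# Assumption: a secret held only by the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key"


def _encode(message):
    """JSON + URL-safe base64: the cookie body holds data, never objects."""
    return base64.urlsafe_b64encode(json.dumps(message).encode()).decode()


def crc_cookie(message):
    """Unkeyed checksum: detects corruption, not tampering."""
    body = _encode(message)
    return "%s.%08x" % (body, zlib.crc32(body.encode()) & 0xFFFFFFFF)


def crc_valid(cookie):
    body, _, tag = cookie.rpartition(".")
    return tag == "%08x" % (zlib.crc32(body.encode()) & 0xFFFFFFFF)


def sign_flash(message, key=SECRET_KEY):
    """Append an HMAC-SHA256 tag computed with the server-side key."""
    body = _encode(message)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_flash(cookie, key=SECRET_KEY):
    """Return the message, or None. The body is decoded only after the tag matches."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the two tags.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:
        return None
```

A cookie rebuilt on the client still passes crc_valid(), while verify_flash() returns None for any body whose tag was not produced with the server's key.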

