On 1/17/06, Kevin Dangoor <[EMAIL PROTECTED]> wrote:
> On 1/17/06, Matthew Bevan <[EMAIL PROTECTED]> wrote:
> > Similar limitations hold true for classes. Executable code, say uncompiled
> > Python or Python bytecode, is not pickled or unpickled as such. Thus, we
> > determined the risk to be exceedingly small. The risk is further reduced by
> > the lack of exec() statements in the tg_flash handling code. Also, I've
> > added a small checksum to the cookie to help prevent spoofing, for whatever
> > reason someone may.
>
> You're certainly right that the lack of exec() helps, but I'd still
> pose the question on c.l.py before putting pickles in cookies.

Not to mention that "pickle cookies" taste awful :)

Kevin
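
An added example, not part of this thread and not TurboGears code: a flash-message cookie carried as JSON with a keyed HMAC-SHA256 tag that is verified before anything is parsed, next to an unkeyed checksum for contrast. The function names, the cookie layout, the secret, and the assumption that the "small checksum" is unkeyed are all hypothetical; the message does not say how the checksum is computed.

```python
import base64, hashlib, hmac, json, zlib

# Constructed secret for this example; a real one comes from server configuration.
SECRET = b"constructed-example-secret"

def crc_cookie(message):
    """Unkeyed checksum (assumed form): no secret is needed to produce a valid one."""
    body = base64.urlsafe_b64encode(json.dumps(message).encode())
    return body + b"." + str(zlib.crc32(body)).encode()

def crc_check(cookie):
    """Accepts any cookie whose CRC32 matches, whoever computed it."""
    body, _, tag = cookie.rpartition(b".")
    return str(zlib.crc32(body)).encode() == tag

def encode_flash(message, key=SECRET):
    """Serialize as JSON (data only, no object reconstruction) and append an HMAC tag."""
    body = base64.urlsafe_b64encode(json.dumps({"flash": message}).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def decode_flash(cookie, key=SECRET):
    """Return the flash text, or None if the tag or the structure is invalid.

    The tag is checked before the body is decoded or parsed, so untrusted
    bytes never reach the deserializer.
    """
    body, sep, tag = cookie.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    message = data.get("flash") if isinstance(data, dict) else None
    return message if isinstance(message, str) else None
```
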

