As I said before, the existing implementation is secure, if the SECRET_KEY is kept secret. The sky is not falling, don't panic.
> Isn't there also the possibility that the attacker can somehow get arbitrary
> data signed into the session cookie without knowing SECRET_KEY?

That's not a viable attack route. It's much less likely than a developer exposing their SECRET_KEY. The signing process for the cookie pickles the data passed in, and it's not possible to create a malicious pickle by passing arbitrary data into the pickle function. It's only possible if the data can be modified after it has been pickled, which the signing explicitly prevents.

> Forgetaboutit, the exact same problem is there for every session backend.
> This btw means that having write access to django_session table means exploit
> of all Django instances using that DB, right?

No, the same problem is not there for every session backend. The ones which are written to disk are signed in the same fashion. It is assumed that if an attacker has raw write access to your database, you have much bigger problems (especially since many databases directly allow system-level code execution in some form or another).

I've looked at that code extensively, it's fine.

-Paul
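The pickle-then-sign pattern discussed in the message above, as an added sketch that is not part of the original email and is not Django's session code. The function names, the HMAC-SHA256 construction and the key value are assumptions chosen for illustration; the point shown is that the signature is checked before any bytes reach `pickle.loads`.

```python
import base64
import hashlib
import hmac
import pickle

SECRET_KEY = b"constructed-example-key"  # assumption: stands in for settings.SECRET_KEY


class BadSignature(Exception):
    """Raised when the MAC does not match; the payload is never unpickled."""


def _mac(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def encode_session(data: dict, key: bytes = SECRET_KEY) -> str:
    # The caller hands over plain data; pickling happens here, so the caller
    # controls values but never the pickle byte stream itself.
    payload = pickle.dumps(data, protocol=pickle.HIGHEST_PROTOCOL)
    return base64.urlsafe_b64encode(_mac(payload, key) + payload).decode("ascii")


def decode_session(cookie: str, key: bytes = SECRET_KEY) -> dict:
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except ValueError as exc:  # covers bad base64 and non-ASCII input
        raise BadSignature("malformed cookie") from exc
    mac, payload = raw[:32], raw[32:]
    if len(mac) != 32 or not hmac.compare_digest(mac, _mac(payload, key)):
        raise BadSignature("signature mismatch")
    # Only reached for bytes that were signed with the same key.
    return pickle.loads(payload)


def flip_last_byte(cookie: str) -> str:
    """Constructed tampering: alter one payload byte, keep the old MAC."""
    raw = bytearray(base64.urlsafe_b64decode(cookie))
    raw[-1] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode("ascii")


def is_accepted(cookie: str, key: bytes = SECRET_KEY) -> bool:
    try:
        decode_session(cookie, key)
        return True
    except BadSignature:
        return False
```

The whole guarantee rests on the key: anyone holding it can produce a cookie that passes `decode_session`, which is why the thread treats SECRET_KEY exposure as the realistic failure.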
