New submission from Ales Kvapil <ales...@mailinator.com>:
The LWPCookieJar.save() creates an *.lwp file containing session cookies in non-safe 644 mode (everyone can read it). This is not a secure behavior, especially for storing session keys or session cookies. The file should be created in 600 mode in my opinion.

https://github.com/python/cpython/blob/3.7/Lib/http/cookiejar.py#L1872

----------
assignee: christian.heimes
components: IO, Library (Lib), SSL
messages: 327246
nosy: aleskva, christian.heimes
priority: normal
severity: normal
status: open
title: LWPCookieJar.save() creates *.lwp file in 644 mode
type: security
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34915>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
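
Added example, not part of the original report or of CPython: a hypothetical save_private() helper that creates the cookie file with mode 600 before LWPCookieJar.save() writes any data to it, and a demo() that compares the resulting modes under umask 022. The cookie values and file names are constructed, and a POSIX system is assumed.

```python
import os
import stat
import tempfile
from http.cookiejar import Cookie, LWPCookieJar


def make_session_cookie():
    # Constructed sample cookie; name, value and domain are placeholders.
    return Cookie(
        version=0, name="sessionid", value="constructed-value", port=None,
        port_specified=False, domain="example.test", domain_specified=True,
        domain_initial_dot=False, path="/", path_specified=True, secure=True,
        expires=None, discard=True, comment=None, comment_url=None, rest={},
    )


def file_mode(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def save_private(jar, filename, **kwargs):
    """Hypothetical helper: save the jar so group/other never get access."""
    # Create the file with 0o600 while it is still empty.
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        # Tighten a file that already existed with wider permissions.
        os.fchmod(fd, 0o600)
    finally:
        os.close(fd)
    # save() truncates and rewrites the file; the existing mode is kept.
    jar.save(filename, **kwargs)


def demo():
    """Return (mode after plain save(), mode after save_private())."""
    jar = LWPCookieJar()
    jar.set_cookie(make_session_cookie())
    old_umask = os.umask(0o022)  # common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            plain = os.path.join(d, "plain.lwp")
            private = os.path.join(d, "private.lwp")
            # Where save() uses a plain open(), this file ends up 0o644.
            jar.save(plain, ignore_discard=True)
            save_private(jar, private, ignore_discard=True)
            return file_mode(plain), file_mode(private)
    finally:
        os.umask(old_umask)
```

The first value returned by demo() depends on how the running interpreter's save() opens the file; the second is 0o600 either way.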