How to securely store LWPCookieJar objects in python?
https://stackoverflow.com/questions/10866660
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using a cookielib.LWPCookieJar object in Python 2.6 to save cookies and re-load them on future invocations of my script. The save() method produces files with the default permissions - that is, other users on my system can read (and presumably then use) cookies I save this way.
It seems to me that persistent cookies should usually be saved in a user-only readable file (umask 077), for security. Is there a way to do this without re-implementing the save() method in my own subclass?
Solution
I agree that this is important -- sessions IDs are often saved as cookies.
Would it suffice to save the cookie to a file in a directory which only the user can access?
os.mkdir( myTmpDir, 0700 )
// Now save the CookieJar in there...
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
