stackoom
  简体   繁体   中英

How to securely store LWPCookieJar objects in python?

 原文  2012-06-02 23:19:22       python/ cookielib

Question

I'm using a cookielib.LWPCookieJar object in Python 2.6 to save cookies and re-load them on future invocations of my script. The save() method produces files with the default permissions - that is, other users on my system can read (and presumably then use) cookies I save this way.

It seems to me that persistent cookies should usually be saved in a user-only readable file (umask 077), for security. Is there a way to do this without re-implementing the save() method in my own subclass?

1 answers

solution1
 0 ACCPTED  2012-06-05 16:05:26

I agree that this is important -- sessions IDs are often saved as cookies.

Would it suffice to save the cookie to a file in a directory which only the user can access? 

os.mkdir( myTmpDir, 0700 )
// Now save the CookieJar in there...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to store a crypto key securely? How to securely pass credentials in python? How to securely and efficiently store SSN in a database? How to securely store database credentials in windows? How can I securely access and store a master security key that is being used in an active python file? How to securely store API keys and secrets? How to fix AttributeError: type object 'CookieJar' has no attribute 'LWPCookieJar'? How to generate passwords in Python 2 and Python 3? Securely? Are there any python modules to store passwords securely in .conf/.txt files? Python store password more securely via POST API request
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM