I'm using a cookielib.LWPCookieJar
object in Python 2.6 to save cookies and re-load them on future invocations of my script. The save()
method produces files with the default permissions - that is, other users on my system can read (and presumably then use) cookies I save this way.
It seems to me that persistent cookies should usually be saved in a user-only readable file (umask 077), for security. Is there a way to do this without re-implementing the save()
method in my own subclass?
I agree that this is important -- sessions IDs are often saved as cookies.
Would it suffice to save the cookie to a file in a directory which only the user can access?
os.mkdir( myTmpDir, 0700 )
// Now save the CookieJar in there...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.