Message 327246 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	aleskva
Recipients	aleskva, christian.heimes
Date	2018-10-06.13:58:56
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1538834336.96.0.545547206417.issue34915@psf.upfronthosting.co.za>
In-reply-to

Content
The LWPCookieJar.save() creates an *.lwp file containing session cookies in non-safe 644 mode (everyone can read it). This is not a secure behavior, especially for storing session keys or session cookies. The file should be created in 600 mode in my opinion. https://github.com/python/cpython/blob/3.7/Lib/http/cookiejar.py#L1872

The LWPCookieJar.save() creates an *.lwp file containing session cookies in non-safe 644 mode (everyone can read it). This is not a secure behavior, especially for storing session keys or session cookies. The file should be created in 600 mode in my opinion.

https://github.com/python/cpython/blob/3.7/Lib/http/cookiejar.py#L1872

History
Date	User	Action	Args
2018-10-06 13:58:57	aleskva	set	recipients: + aleskva, christian.heimes
2018-10-06 13:58:56	aleskva	set	messageid: <1538834336.96.0.545547206417.issue34915@psf.upfronthosting.co.za>
2018-10-06 13:58:56	aleskva	link	issue34915 messages
2018-10-06 13:58:56	aleskva	create