Message 94819 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	snprbob86
Recipients	snprbob86
Date	2009-11-02.07:34:02
SpamBayes Score	0.036596462
Marked as misclassified	No
Message-id	<1257147245.14.0.668660104401.issue7250@psf.upfronthosting.co.za>
In-reply-to

Content
This issue came up while doing Google App Engine development. Apparently the default wsgi handler logic is to cache os.environ into os_environ at import time. This is reasonable behavior for wsgi, but when using cgi, this is a serious security hole which leaks information between requests. See this related bug at GAE: http://code.google.com/p/googleappengine/issues/detail? id=2040&q=cookies%20dev_appserver.py&colspec=ID%20Type%20Status%20Priority %20Stars%20Owner%20Summary%20Log%20Component

This issue came up while doing Google App Engine development. Apparently 
the default wsgi handler logic is to cache os.environ into os_environ at 
import time. This is reasonable behavior for wsgi, but when using cgi, 
this is a serious security hole which leaks information between requests.

See this related bug at GAE:
http://code.google.com/p/googleappengine/issues/detail?
id=2040&q=cookies%20dev_appserver.py&colspec=ID%20Type%20Status%20Priority
%20Stars%20Owner%20Summary%20Log%20Component

History
Date	User	Action	Args
2009-11-02 07:34:05	snprbob86	set	recipients: + snprbob86
2009-11-02 07:34:05	snprbob86	set	messageid: <1257147245.14.0.668660104401.issue7250@psf.upfronthosting.co.za>
2009-11-02 07:34:03	snprbob86	link	issue7250 messages
2009-11-02 07:34:02	snprbob86	create