Securing 'pickle'


Problem description

Hi,

I'm writing a web app framework which stores pickles in client cookies.

The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
tampering with the cookie and malforming it in an attempt to get the
server-side python code to run arbitrary code, or something similarly
undesirable.

To protect against this, I've subclassed pickle.Unpickler, and added
overrides of the methods load_global, load_inst, load_obj and find_class.

My override methods simply raise exceptions unconditionally, which causes
any unpickle to fail if the pickle tries to unpack anything even
resembling code or an object.

I did this in preference to using the reputable 'bencode' module from
BitTorrent, because bencode doesn't support floats.

My question - have I done enough, or are there still ways where my hobbled
unpickler could be subverted by a malformed cookie?

Cheers
David
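The hobbled unpickler described in the post, written out as an added example in Python 3 (this is not code from the original post). In Python 3 the one documented hook is find_class, which the C-accelerated Unpickler also consults, so overriding it alone covers what load_global, load_inst and load_obj did in Python 2's pure-Python Unpickler. The session dict, the hand-written opcode string and the _TamperedPayload class are constructed for the demo; the tampered cookie embeds a harmless os.getcwd call where a real attacker would put os.system.

```python
import io
import os
import pickle


class PrimitiveOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global name.

    In Python 3 every opcode that imports a class or callable (GLOBAL,
    STACK_GLOBAL, the legacy INST form) resolves the name through
    find_class(), and the C accelerator honours a subclass override.
    Raising here leaves only literals and built-in containers loadable:
    None, bool, int, float, str, bytes (protocol >= 3), tuple, list, dict.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"cookie pickle tried to import {module}.{name}; refusing"
        )


def loads_primitive(data: bytes):
    """Deserialize cookie bytes, rejecting anything that references code."""
    return PrimitiveOnlyUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the pickle."""
    try:
        loads_primitive(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample of what the framework might legitimately keep in a
# cookie: plain data, including the floats that ruled out bencode.
SESSION = {"user": "david", "cart_total": 19.99, "items": [3, 7], "admin": False}
BENIGN_COOKIE = pickle.dumps(SESSION, protocol=pickle.HIGHEST_PROTOCOL)

# Constructed malformed cookie typed straight in protocol-0 opcodes:
# c = GLOBAL "os" "getcwd", ( = MARK, t = TUPLE, R = REDUCE (call it), . = STOP.
# The standard loader would import os and call getcwd(); this is the
# shape a real payload takes, with os.system and a shell string instead.
HANDCRAFTED_COOKIE = b"cos\ngetcwd\n(tR."


class _TamperedPayload:
    """Constructed stand-in for an attacker-built object.

    pickle records the __reduce__ result as "import this callable and call
    it with these arguments", and the standard loader obeys. os.getcwd is
    used so the demo is harmless; os.system pickles (and runs) just as readily.
    """

    def __reduce__(self):
        return (os.getcwd, ())


TAMPERED_COOKIE = pickle.dumps(_TamperedPayload(), protocol=pickle.HIGHEST_PROTOCOL)


def standard_loader_runs_it() -> bool:
    """Contrast: plain pickle.loads executes the embedded call and returns its result."""
    return pickle.loads(TAMPERED_COOKIE) == os.getcwd()


if __name__ == "__main__":
    print("benign cookie ->", loads_primitive(BENIGN_COOKIE))
    print("handcrafted cookie rejected:", is_rejected(HANDCRAFTED_COOKIE))
    print("tampered cookie rejected:", is_rejected(TAMPERED_COOKIE))
    print("plain pickle.loads would have run it:", standard_loader_runs_it())
```

Note that the restriction is all-or-nothing: any pickle that names a class or function fails, so the framework can only round-trip the built-in types listed in the docstring, and must use protocol 3 or later if it wants bytes, since older protocols reconstruct bytes through a global.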

Recommended answers

On Fri, 11 Jul 2003 13:20:48 +1200, David McNab wrote:
> I'm writing a web app framework which stores pickles in client
> cookies.

Sounds like a waste of bandwidth, in addition to the security concerns
you raise.

Why not store the pickles on the server, and set a session cookie to
refer to them? That way, you only send a short session ID instead of
the whole pickle, and messing with the cookie doesn't alter the pickles.

(Mmm, all this talk of food...)

--
 \ "I don't know anything about music. In my line you don't have |
  `\ to." -- Elvis Aaron Presley (1935-1977) |
_o__) |
http://bignose.squidly.org/ 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B


Paul Rubin wrote:
> Because now you need a mechanism to store the session info on the
> server, and you might want it to work across multiple load-balanced
> servers that fail over to one another, etc.

That's far superior to presenting the opportunity to exploits in the
first place, in my opinion. Depending on the contents of that cookie,
what you suggest may not be a problem at all (depending on how critical
the data contained therein is).

--
Erik Max Francis && ma*@alcyone.com && http://www.alcyone.com/max/
__ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
/ \ I would rather understand one cause than be king of Persia.
\__/ Democritus

Erik Max Francis <ma*@alcyone.com> writes:
> > Because now you need a mechanism to store the session info on the
> > server, and you might want it to work across multiple load-balanced
> > servers that fail over to one another, etc.

> That's far superior to presenting the opportunity to exploits in the
> first place, in my opinion. Depending on the contents of that cookie,
> what you suggest may not be a problem at all (depending on how critical
> the data contained therein is).

I'm not sure what you're saying here. My suggestion is to
authenticate the cookies with a cryptographic checksum and verify the
authentication before deserializing the cookies. That's probably the
simplest approach. Keeping session info on a multi-process server (or
worse, a multi-server network) needs some kind of concurrent storage
mechanism. I don't see a robust, secure, low-overhead way to do that
with out-of-the-box Python. Any suggestions?
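Paul's suggestion worked out as an added example in Python 3 (not code from the thread). The "cryptographic checksum" is an HMAC-SHA256 keyed with a secret only the servers hold; an unkeyed hash would not do, since the client could recompute it after editing the payload. The tag is checked in constant time before any byte of the payload reaches pickle.loads. SERVER_KEY, the session dict and the tamper() helper are constructed for the demo: the key is generated at import so the example runs offline, whereas a real deployment would load the same key from configuration on every load-balanced server, which is the part that needs no concurrent store.

```python
import base64
import hashlib
import hmac
import pickle
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed server-side secret for the demo. In practice it is read from
# configuration shared by all servers and never leaves them.
SERVER_KEY = secrets.token_bytes(32)


def make_cookie(session: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the session and append an HMAC-SHA256 tag over the pickle bytes."""
    payload = pickle.dumps(session, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode("ascii")


def load_cookie(cookie: str, key: bytes = SERVER_KEY) -> dict:
    """Verify the tag first; only bytes this server signed reach pickle.loads."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except ValueError as exc:  # binascii.Error and UnicodeEncodeError both subclass it
        raise ValueError("cookie is not valid base64") from exc
    if len(raw) <= TAG_LEN:
        raise ValueError("cookie too short to carry a tag")
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the check leaks nothing about the tag.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie tag mismatch: tampered or signed with another key")
    # The payload is now authenticated as our own output, so the deserializer
    # is only ever fed pickles this server produced.
    return pickle.loads(payload)


def cookie_is_valid(cookie: str, key: bytes = SERVER_KEY) -> bool:
    """Convenience wrapper: True if load_cookie accepts the cookie."""
    try:
        load_cookie(cookie, key)
    except ValueError:
        return False
    return True


def tamper(cookie: str, offset: int = 4) -> str:
    """Constructed attack: flip one bit inside the pickle payload, keep the old tag."""
    raw = bytearray(base64.urlsafe_b64decode(cookie.encode("ascii")))
    raw[offset] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode("ascii")


if __name__ == "__main__":
    session = {"user": "david", "cart_total": 19.99, "items": [3, 7]}
    cookie = make_cookie(session)
    print("round trip:", load_cookie(cookie) == session)
    print("tampered accepted:", cookie_is_valid(tamper(cookie)))
    print("other key accepted:", cookie_is_valid(cookie, key=b"\x00" * 32))
```

The tag makes the cookie tamper-evident, not secret: the client can still read everything in the pickle, and whoever learns SERVER_KEY can sign arbitrary pickles, so a loader that refuses globals is still worth keeping underneath this check.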

