Cookiejar File should not be world-readable

nausheenfatma / python-wikitools

Automatically exported from code.google.com/p/python-wikitools

0 stars 0 forks source link

Cookiejar File should not be world-readable #23

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Short explanation of the problem:

Currently the cookie jar file is created world-readable. This can cause 
security problems, as the authentication cookie is stored in the jar and 
therefore can be re-used by other users.

Expected behavior:

The cookie jar file should be mode 0600.

This should easily be fixable by changing the open() call in 
wiki.py/WikiCookieJar/save to:
  f = open(filename, 'w', 0600)

Original issue reported on code.google.com by c...@zeha.at on 26 Jul 2009 at 11:19

GoogleCodeExporter commented 8 years ago

Apparently my 'easy fix' is invalid.

Original comment by c...@zeha.at on 26 Jul 2009 at 11:28

GoogleCodeExporter commented 8 years ago

The attached patch works, and probably is the cleanest way to do it with Python 
2.5.

Original comment by c...@zeha.at on 26 Jul 2009 at 1:23

Attachments:

wikitools-umask.patch

GoogleCodeExporter commented 8 years ago

Done in r254

Original comment by MrZmanwiki@gmail.com on 5 Aug 2009 at 11:39

Changed state: Fixed