Hi, Am Fr, den 27.08.2004 schrieb Lennart Regebro um 11:32:
Lennart Regebro wrote:
Another idea: Maybe I could make an object that does not have public access, and store that in the session?
That seems to work!
Here is the class:
class ProtectedUsername: """An object where the username is not accessible from user code.""" def _setUsername(self, username): self.__username = username
def _getUsername(self): return self.__username
Very simple indeed.
It is impossible to define up a class that has methods that start with underscore from user code. and even other usercode classes seem not to be pickable (is that correct?) so even though you can replace the value of SESSION['__ac'] you can't replace it with any usercode object, and definitely not with anything that has a _getUsername() method. And, as additional security, when I use I check that it really is a ProtectedUsername object:
if ob is not None and isinstance(ob, ProtectedUsername): username = ob._getUsername()
This *should* mean, that as long as you don't allow usercode to import a ProtectedUsername object, it should be safe. In fact, you can't even figure out what the username is. ;)
Even a traceback will not show this username anymore if its inside an object without __repr__ :-) Regards Tino