Diffstat (limited to 'docs')
 -rw-r--r--  docs/api/session.rst                   |  8
 -rw-r--r--  docs/glossary.rst                      |  4
 -rw-r--r--  docs/index.rst                         |  2
 -rw-r--r--  docs/narr/introduction.rst             |  4
 -rw-r--r--  docs/narr/sessions.rst                 | 83
 -rw-r--r--  docs/tutorials/wiki2/definingviews.rst |  2
6 files changed, 71 insertions, 32 deletions
diff --git a/docs/api/session.rst b/docs/api/session.rst index 53bae7c52..d0cb112ec 100644 --- a/docs/api/session.rst +++ b/docs/api/session.rst @@ -5,15 +5,11 @@ .. automodule:: pyramid.session - .. autofunction:: signed_serialize - - .. autofunction:: signed_deserialize - .. autofunction:: SignedCookieSessionFactory - .. autofunction:: UnencryptedCookieSessionFactoryConfig - .. autofunction:: BaseCookieSessionFactory .. autoclass:: PickleSerializer + .. autoclass:: JSONSerializer + diff --git a/docs/glossary.rst b/docs/glossary.rst index 587e7c63e..ec4cffef2 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -343,7 +343,7 @@ Glossary full-featured Python web framework. Grok - `A web framework based on Zope 3 <http://grok.zope.org>`_. + `A web framework based on Zope 3 <https://web.archive.org/web/20180615015013/http://grok.zope.org>`_. Django `A full-featured Python web framework <https://www.djangoproject.com/>`_. @@ -1083,7 +1083,7 @@ Glossary Green Unicorn Aka ``gunicorn``, a fast :term:`WSGI` server that runs on Unix under - Python 2.6+ or Python 3.1+. See http://gunicorn.org/ for detailed + Python 2.6+ or Python 3.1+. See https://gunicorn.org/ for detailed information. predicate factory diff --git a/docs/index.rst b/docs/index.rst index 76d23b4f4..19cff9414 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -66,7 +66,7 @@ Official tutorials provide a quick overview of :app:`Pyramid`'s features in more Support and Development ======================= -The `Pyramid website <https://trypyramid.com/resources.html>`_ is the main +The `Pyramid website <https://trypyramid.com/documentation.html>`_ is the main entry point to :app:`Pyramid` web framework resources for support and development information. diff --git a/docs/narr/introduction.rst b/docs/narr/introduction.rst index 3ee6b5367..9293386f2 100644 --- a/docs/narr/introduction.rst +++ b/docs/narr/introduction.rst 
@@ -52,7 +52,7 @@ Modern Tested ~~~~~~ -Untested code is broken by design. The :app:`Pyramid` community has a strong testing culture and our framework reflects that. Every release of :app:`Pyramid` has 100% statement coverage (as measured by `coverage <https://coverage.readthedocs.io/en/latest/>`_) and 95% decision/condition coverage. (as measured by `instrumental <https://instrumental.readthedocs.io/en/latest/intro.html>`_) It is automatically tested using `Travis <https://travis-ci.org/Pylons/pyramid>`_ and `Jenkins <http://jenkins.pylonsproject.org/job/pyramid/>`_ on supported versions of Python after each commit to its GitHub repository. `Official Pyramid add-ons <https://trypyramid.com/resources-extending-pyramid.html>`_ are held to a similar testing standard. +Untested code is broken by design. The :app:`Pyramid` community has a strong testing culture and our framework reflects that. Every release of :app:`Pyramid` has 100% statement coverage (as measured by `coverage <https://coverage.readthedocs.io/en/latest/>`_) and 95% decision/condition coverage. (as measured by `instrumental <https://instrumental.readthedocs.io/en/latest/intro.html>`_) It is automatically tested using `Travis <https://travis-ci.org/Pylons/pyramid>`_ and `Jenkins <http://jenkins.pylonsproject.org/job/pyramid/>`_ on supported versions of Python after each commit to its GitHub repository. `Official Pyramid add-ons <https://trypyramid.com/extending-pyramid.html>`_ are held to a similar testing standard. We still find bugs in :app:`Pyramid`, but we've noticed we find a lot fewer of them while working on projects with a solid testing regime. @@ -173,7 +173,7 @@ Supported :app:`Pyramid` add-ons are held to the same demanding standards as the .. seealso:: - See also https://trypyramid.com/resources-extending-pyramid.html + See also https://trypyramid.com/extending-pyramid.html Write your views, *your* way ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index 2d80b1a63..ded7e87e3 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst 
@@ -59,25 +59,68 @@ using the :meth:`pyramid.config.Configurator.set_session_factory` method. By default the :func:`~pyramid.session.SignedCookieSessionFactory` implementation contains the following security concerns: - - Session data is *unencrypted*. You should not use it when you keep - sensitive information in the session object, as the information can be - easily read by both users of your application and third parties who have - access to your users' network traffic. - - - If you use this sessioning implementation, and you inadvertently create a - cross-site scripting vulnerability in your application, because the - session data is stored unencrypted in a cookie, it will also be easier for - evildoers to obtain the current user's cross-site scripting token. - - - The default serialization method, while replaceable with something like - JSON, is implemented using pickle which can lead to remote code execution - if your secret key is compromised. - - In short, use a different session factory implementation (preferably one - which keeps session data on the server) for anything but the most basic of - applications where "session security doesn't matter", you are sure your - application has no cross-site scripting vulnerabilities, and you are confident - your secret key will not be exposed. + - Session data is *unencrypted* (but it is signed / authenticated). + + This means an attacker cannot change the session data, but they can view it. + You should not use it when you keep sensitive information in the session object, as the information can be easily read by both users of your application and third parties who have access to your users' network traffic. + + At the very least, use TLS and set ``secure=True`` to avoid arbitrary users on the network from viewing the session contents. 
+ + - If you use this sessioning implementation, and you inadvertently create a cross-site scripting vulnerability in your application, because the session data is stored unencrypted in a cookie, it will also be easier for evildoers to obtain the current user's cross-site scripting token. + + Set ``httponly=True`` to mitigate this vulnerability by hiding the cookie from client-side JavaScript. + + - The default serialization method, while replaceable with something like JSON, is implemented using pickle which can lead to remote code execution if your secret key is compromised. + + To mitigate this, set ``serializer=pyramid.session.JSONSerializer()`` to use :class:`pyramid.session.JSONSerializer`. This option will be the default in :app:`Pyramid` 2.0. + See :ref:`pickle_session_deprecation` for more information about this change. + + In short, use a different session factory implementation (preferably one which keeps session data on the server) for anything but the most basic of applications where "session security doesn't matter", you are sure your application has no cross-site scripting vulnerabilities, and you are confident your secret key will not be exposed. + +.. index:: + triple: pickle deprecation; JSON-serializable; ISession interface + +.. _pickle_session_deprecation: + +Upcoming Changes to ISession in Pyramid 2.0 +------------------------------------------- + +In :app:`Pyramid` 2.0 the :class:`pyramid.interfaces.ISession` interface will be changing to require that session implementations only need to support JSON-serializable data types. +This is a stricter contract than the current requirement that all objects be pickleable and it is being done for security purposes. +This is a backward-incompatible change. +Currently, if a client-side session implementation is compromised, it leaves the application vulnerable to remote code execution attacks using specially-crafted sessions that execute code when deserialized. 
+ +For users with compatibility concerns, it's possible to craft a serializer that can handle both formats until you are satisfied that clients have had time to reasonably upgrade. +Remember that sessions should be short-lived and thus the number of clients affected should be small (no longer than an auth token, at a maximum). An example serializer: + +.. code-block:: python + :linenos: + + from pyramid.session import JSONSerializer + from pyramid.session import PickleSerializer + from pyramid.session import SignedCookieSessionFactory + + class JSONSerializerWithPickleFallback(object): + def __init__(self): + self.json = JSONSerializer() + self.pickle = PickleSerializer() + + def dumps(self, value): + # maybe catch serialization errors here and keep using pickle + # while finding spots in your app that are not storing + # JSON-serializable objects, falling back to pickle + return self.json.dumps(value) + + def loads(self, value): + try: + return self.json.loads(value) + except ValueError: + return self.pickle.loads(value) + + # somewhere in your configuration code + serializer = JSONSerializerWithPickleFallback() + session_factory = SignedCookieSessionFactory(..., serializer=serializer) + config.set_session_factory(session_factory) .. index:: single: session object @@ -139,7 +182,7 @@ Some gotchas: that they are instances of basic types of objects, such as strings, lists, dictionaries, tuples, integers, etc. If you place an object in a session data key or value that is not pickleable, an error will be raised when the - session is serialized. + session is serialized. Please also see :ref:`pickle_session_deprecation`. - If you place a mutable value (for example, a list or a dictionary) in a session object, and you subsequently mutate that value, you must call the diff --git a/docs/tutorials/wiki2/definingviews.rst b/docs/tutorials/wiki2/definingviews.rst index 700a105b1..fe539eca6 100644 --- a/docs/tutorials/wiki2/definingviews.rst 
+++ b/docs/tutorials/wiki2/definingviews.rst @@ -149,7 +149,7 @@ We'll describe each one briefly in the following sections. .. note:: - There is nothing special about the filename ``default.py`` exept that it is a + There is nothing special about the filename ``default.py`` except that it is a Python module. A project may have many view callables throughout its codebase in arbitrarily named modules. Modules implementing view callables often have ``view`` in their name (or may live in a Python subpackage of your |
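Review bot: in the docs/api/session.rst hunk, ``signed_serialize``, ``signed_deserialize`` and ``UnencryptedCookieSessionFactoryConfig`` are dropped from the API reference with nothing pointing readers elsewhere. If those names are still importable from ``pyramid.session``, anyone who searches the docs for them now finds nothing; either keep the entries under a ``.. deprecated::`` note that names the replacement (``SignedCookieSessionFactory`` with ``JSONSerializer``), or state in the changelog that they were removed, so the reason is discoverable.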
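Review bot: in the docs/glossary.rst hunk, the gunicorn entry's context line "runs on Unix under Python 2.6+ or Python 3.1+" is out of date, and since the line is being touched for the https change anyway, checking the supported versions against the current gunicorn documentation would be cheap.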
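Review bot: in the docs/narr/introduction.rst hunk, the Jenkins link ``http://jenkins.pylonsproject.org/job/pyramid/`` stays plain http while the rest of this commit moves links to https; if the Jenkins host serves https it should be switched in the same pass, and if the job no longer exists the link should go rather than be left as a dead http reference.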
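Review bot: in the first docs/narr/sessions.rst hunk (``@@ -59,25 +59,68 @@``), the ``JSONSerializerWithPickleFallback`` example keeps the pickle deserialization path reachable for every signed cookie that fails JSON parsing, so the remote-code-execution exposure the section warns about is unchanged for as long as the fallback is deployed; say this next to the example, and tell readers to delete the ``except ValueError: return self.pickle.loads(value)`` branch once the transition window has passed rather than leave it open-ended. In the same hunk, "an attacker cannot change the session data" holds only while the signing secret is unknown to them and does not cover replaying a captured cookie; ``httponly=True`` keeps the cookie out of ``document.cookie`` but an XSS payload can still read a CSRF token wherever the application renders it and can still issue requests that carry the cookie, so "mitigate" should not be read as "fix". Two wording points: "to avoid arbitrary users on the network from viewing" should be "to prevent arbitrary users on the network from viewing", and "(no longer than an auth token, at a maximum)" reads awkwardly; "a session cookie should not outlive the authentication token it accompanies" says it directly.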
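Review bot: in the second docs/narr/sessions.rst hunk (``@@ -139,7 +182,7 @@``), the gotcha's context lines still tell readers that values must be "pickleable" while the new section being cross-referenced recommends JSON; since the line is already being edited to add the reference, rewording it to "not serializable by the configured serializer (JSON-serializable with ``JSONSerializer``, pickleable with the default ``PickleSerializer``)" would keep the two sections consistent.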
