I'm using a cookielib.LWPCookieJar object in Python 2.6 to save cookies and re-load them on future invocations of my script. The save() method produces files with the default permissions - that is, other users on my system can read (and presumably then use) cookies I save this way.
It seems to me that persistent cookies should usually be saved in a user-only readable file (umask 077), for security. Is there a way to do this without re-implementing the save() method in my own subclass?
I agree that this is important -- sessions IDs are often saved as cookies.
Would it suffice to save the cookie to a file in a directory which only the user can access?
os.mkdir( myTmpDir, 0700 )
// Now save the CookieJar in there...