crates.io security incident: improperly stored session cookies (blog.rust-lang.org)
Posted by Nemeski@lemm.ee to Rust@programming.dev · 4 days ago

DWin@feddit.uk · 3 days ago
Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizarre

Miaou@jlai.lu · 1 day ago
Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

DWin@feddit.uk · 23 hours ago
Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs
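
Both guesses in this thread (a derived serializer that included the field, or a logger that dumped every header) come down to a type whose log representation prints the secret. This is an added example, not code from crates.io or the linked blog post; the `Headers` type, the list of sensitive names and the sample request are assumptions constructed here.

```rust
use std::fmt;

/// Header names whose values must never reach a log line (assumed list).
const SENSITIVE: [&str; 4] = ["cookie", "set-cookie", "authorization", "proxy-authorization"];

/// Hypothetical request-header container; not a crates.io type.
pub struct Headers(pub Vec<(String, String)>);

fn is_sensitive(name: &str) -> bool {
    // Header names are case-insensitive, so compare without regard to case.
    SENSITIVE.iter().any(|s| name.eq_ignore_ascii_case(s))
}

// Hand-written Debug: a derived one would print every value verbatim,
// which is how "dump all the headers" logging ends up storing session cookies.
impl fmt::Debug for Headers {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let mut map = f.debug_map();
        for (name, value) in &self.0 {
            if is_sensitive(name) {
                // Keep the length for troubleshooting, drop the value itself.
                map.entry(name, &format_args!("[REDACTED {} bytes]", value.len()));
            } else {
                map.entry(name, value);
            }
        }
        map.finish()
    }
}

/// Builds the line a request logger would emit for this request.
pub fn log_line(method: &str, path: &str, headers: &Headers) -> String {
    format!("{} {} headers={:?}", method, path, headers)
}

/// Constructed sample request; the cookie value is made up.
pub fn sample() -> Headers {
    Headers(vec![
        ("Host".into(), "example.test".into()),
        ("Cookie".into(), "session=constructed-secret-value".into()),
        ("User-Agent".into(), "cargo-sample/0.0".into()),
    ])
}

fn main() {
    println!("{}", log_line("GET", "/api/v1/me", &sample()));
}
```

Because the redaction lives in the type's `Debug` impl, any `{:?}` in a log macro gets it without each call site having to remember.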