crates.io security incident: improperly stored session cookies (blog.rust-lang.org)
Posted by Nemeski@lemm.ee to Rust · 13 days ago

DWin@feddit.uk · 12 days ago
Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizarre

Miaou@jlai.lu · 10 days ago
Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

DWin@feddit.uk · 10 days ago
Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs
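
An added example, not part of the thread and not crates.io's code: a std-only Rust sketch of guarding against the two causes guessed at above, a derived formatter that includes the cookie field and a log line that dumps every header. The names Secret, Session and loggable_headers are hypothetical, and derived Debug stands in for the serde derive mentioned in the comments, since both emit every field unless told otherwise.

```rust
use std::fmt;

/// Wrapper whose Debug output never contains the inner value.
pub struct Secret(String);

impl Secret {
    pub fn new(v: &str) -> Self { Secret(v.to_string()) }
    /// Explicit accessor: the only way to read the value.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

/// Hypothetical session record; deriving Debug is safe because the
/// cookie field redacts itself.
#[derive(Debug)]
pub struct Session {
    pub user_id: u64,
    pub cookie: Secret,
}

/// Headers whose values must never reach a log line.
const SENSITIVE: [&str; 3] = ["cookie", "set-cookie", "authorization"];

/// Render request headers for logging with sensitive values masked.
/// Header names are compared case-insensitively, as HTTP requires.
pub fn loggable_headers(headers: &[(&str, &str)]) -> String {
    headers
        .iter()
        .map(|(name, value)| {
            let hide = SENSITIVE.iter().any(|s| name.eq_ignore_ascii_case(s));
            format!("{}: {}", name, if hide { "[REDACTED]" } else { *value })
        })
        .collect::<Vec<_>>()
        .join("; ")
}

fn main() {
    // Constructed sample data, not taken from the incident.
    let s = Session { user_id: 42, cookie: Secret::new("constructed-cookie-value") };
    println!("{:?}", s);
    let h = [("Host", "example.test"), ("Cookie", "session=constructed-cookie-value")];
    println!("{}", loggable_headers(&h));
}
```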