Nemeski to Rust@programming.dev • 2 months agocrates.io security incident: improperly stored session cookiesblog.rust-lang.orgexternal-linkmessage-square5fedilinkarrow-up129arrow-down10
arrow-up129arrow-down1external-linkcrates.io security incident: improperly stored session cookiesblog.rust-lang.orgNemeski to Rust@programming.dev • 2 months agomessage-square5fedilink
minus-square@DWin@feddit.uklinkfedilinkEnglish1•2 months agoYeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare
minus-square@Miaou@jlai.lulinkfedilink2•2 months agoProbably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!
minus-square@DWin@feddit.uklinkfedilinkEnglish2•2 months agoYeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs
Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare
Probably some automatic serialization that included the field. Someone forgot a
#[serde(skip)]!Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs