Nemeski@lemm.ee to Rust@programming.dev · 15 days agocrates.io security incident: improperly stored session cookiesblog.rust-lang.orgexternal-linkmessage-square5fedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkcrates.io security incident: improperly stored session cookiesblog.rust-lang.orgNemeski@lemm.ee to Rust@programming.dev · 15 days agomessage-square5fedilink
minus-squareDWin@feddit.uklinkfedilinkEnglisharrow-up0·14 days agoYeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare
minus-squareMiaou@jlai.lulinkfedilinkarrow-up0·12 days agoProbably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!
minus-squareDWin@feddit.uklinkfedilinkEnglisharrow-up0·12 days agoYeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs
Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare
Probably some automatic serialization that included the field. Someone forgot a
#[serde(skip)]!Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs