this post was submitted on 12 Apr 2025
28 points (100.0% liked)

Rust

6836 readers
29 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev
28
crates.io security incident: improperly stored session cookies (blog.rust-lang.org)
submitted 1 week ago by neme@lemm.ee to c/rust@programming.dev
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Traister101@lemmy.today 5 points 1 week ago (1 children)

Lol but no essentially somebody accidentally logged the ID for an actively logged in user (not the user ID) when an error happens. Surprising they even released a thing about this

[–] DWin@feddit.uk 1 points 1 week ago (1 children)

Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare

[–] Miaou@jlai.lu 2 points 1 week ago (1 children)

Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

[–] DWin@feddit.uk 2 points 1 week ago

Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs