Rust

6785 readers

62 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

[email protected]

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago

MODERATORS

[email protected]

crates.io security incident: improperly stored session cookies (blog.rust-lang.org)

submitted 3 days ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 13 points 3 days ago (1 children)

Would using rust have prevented this issue?

[–] [email protected] 5 points 3 days ago (1 children)

Lol but no essentially somebody accidentally logged the ID for an actively logged in user (not the user ID) when an error happens. Surprising they even released a thing about this

[–] [email protected] 1 points 2 days ago (1 children)

Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare

[–] [email protected] 1 points 1 day ago (1 children)

Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

[–] [email protected] 1 points 15 hours ago

Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs