Rails 2.0 CookieStore insecure after all, because…
1
Hit
Rails 2.0 CookieStore insecure after all, because…
In the initial version of my blog post Rails 2.0, cookie session store and security, I concluded that, if given a sufficient complex secret, forging the session data is computationally infeasible. Jamie Flournoy’s comment (see the comments section), as well as this page, turned the tide.
- Submitted:
- 10 months ago
- Submitter:
- Scott Sherwood
- Tags:
- session
- Punch it:
- Punch
0 comments
News Search
News Tags
ActiveMerchant backup Beanstalk Blackbook Book Charts Contacts DesignPatterns developer DHH Documentation EdgeRails email Facebook Geo giston git Google IDE Job Joins Keynote Leopard Mac MacPorts Maps Pagination PDF Performance profiler Rails RailsConf RegularExpression ruby RubyGems ScreenCast Security session starling Test Tests Textmate Time TimeZone TIOBE validation workling yahoo ZedSponsors
Please log in to leave a comment