this post was submitted on 12 Apr 2025
29 points (100.0% liked)

Rust

6896 readers
49 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

[email protected]

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe
Ategon
EdTheLegendary
kahnclusions
torcherist
29
crates.io security incident: improperly stored session cookies (blog.rust-lang.org)
submitted 4 weeks ago by [email protected] to c/rust
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 4 weeks ago (1 children)

Would using rust have prevented this issue?

[–] [email protected] 5 points 4 weeks ago (1 children)

Lol but no essentially somebody accidentally logged the ID for an actively logged in user (not the user ID) when an error happens. Surprising they even released a thing about this

[–] [email protected] 1 points 3 weeks ago (1 children)

Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare

[–] [email protected] 2 points 3 weeks ago (1 children)

Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

[–] [email protected] 2 points 3 weeks ago

Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs