"As far as i'm concerned, any app that's keeping secrets from me about me is not the kind of app I want to be using anyway."
I feel like I just read this exact line somewhere else in the last few days...

-- Eric

On Sun, May 25, 2008 at 2:02 AM, Bluebie, Jenna <[EMAIL PROTECTED]> wrote:
> I forgot to mention though, the signing just stops users from changing the
> session data without the server knowing, it doesn't stop them from reading
> it. Any data in the session when using the cookie sessions store only needs
> to be base64 decoded and unmarshaled with ruby to find out what's inside. As
> far as i'm concerned, any app that's keeping secrets from me about me is not
> the kind of app I want to be using anyway.
>
>
> On 25/05/2008, at 1:43 PM, _why wrote:
>
>> On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:
>>>
>>> * The cookie session is named Camping::Session and is placed in
>>> camping/session.rb. Maybe this should be called Camping::CookieSession
>>> or???
>>
>> You know, these cookie sessions seem like they could be a problem.
>> A lot of sessions would contain just the hash and the user name.
>> So, spoof the user name and you're in, you know?
>>
>> _why
>> _______________________________________________
>> Camping-list mailing list
>> Camping-list@rubyforge.org
>> http://rubyforge.org/mailman/listinfo/camping-list
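
Added example (not part of the original thread and not Camping's own code): a minimal signed-cookie scheme in Ruby showing both points made above. The holder can read the session without the secret, and a swapped user name fails verification as long as the secret stays on the server. The helper names, the `--` separator, HMAC-SHA256 and the sample session are assumptions for illustration.

```ruby
require "openssl"

# Assumption: a server-side key that is never sent to the client (constructed value).
SECRET = "constructed-demo-secret"

# Constant-time comparison so the check does not leak how many characters matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: marshal the session, base64 it, append an HMAC tag.
def sign_session(session, secret = SECRET)
  payload = [Marshal.dump(session)].pack("m0") # "m0" = strict base64, no newlines
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Hypothetical helper: return the session only when the tag verifies, else nil.
# The tag is checked BEFORE Marshal.load, so unauthenticated bytes are never
# unmarshaled on the server.
def verify_session(cookie, secret = SECRET)
  payload, tag = cookie.to_s.split("--", 2)
  return nil if payload.nil? || tag.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_compare(expected, tag)
  Marshal.load(payload.unpack("m0").first)
rescue ArgumentError, TypeError
  nil
end

# Signing is not encryption: the cookie holder can decode their own session
# without knowing SECRET.
def peek(cookie)
  Marshal.load(cookie.split("--", 2).first.unpack("m0").first)
end

# The "spoof the user name" case: new payload, old tag. Without SECRET the
# tag cannot be recomputed, so verify_session rejects the result.
def tamper_user(cookie, name)
  old_tag = cookie.split("--", 2).last
  "#{[Marshal.dump(peek(cookie).merge(user: name))].pack('m0')}--#{old_tag}"
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ user: "jenna", cart: [3, 7] }) # constructed sample
  puts "readable without key: #{peek(cookie).inspect}"
  puts "untouched cookie:     #{verify_session(cookie).inspect}"
  puts "tampered cookie:      #{verify_session(tamper_user(cookie, 'admin')).inspect}"
end
```

The protection rests entirely on the secret: if it is guessable, shared across deployments or checked into source control, the tag can be recomputed and the user-name swap succeeds.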