Camping 2.0 - What's left?

_why why at whytheluckystiff.net
Sat May 24 23:43:01 EDT 2008


On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:
> * The cookie session is named Camping::Session and is placed in
> camping/session.rb. Maybe this should be called Camping::CookieSession or???

You know, these cookie sessions seem like they could be a problem.
A lot of sessions would contain just the hash and the user name.
So, spoof the user name and you're in, you know?

_why
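
Added example, not part of the original message and not Camping's own session code: a cookie whose integrity tag is an unkeyed digest next to one tagged with an HMAC under a server-side secret, to show why only the second ties the user name to something the client cannot recompute. The `data--tag` cookie layout, the method names and the secret are assumptions made for the illustration.

```ruby
require 'openssl'
require 'digest'
require 'json'

# Constructed demo secret (assumption); in a real app it stays on the server only.
SECRET = 'constructed-demo-secret'

# Base64 without newlines ('m0'); unpack1 raises ArgumentError on malformed input.
def pack_session(session)
  [JSON.generate(session)].pack('m0')
end

def unpack_session(data)
  JSON.parse(data.unpack1('m0'))
rescue ArgumentError, JSON::ParserError
  nil
end

# Length check plus XOR fold, so timing does not reveal where two tags differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Weak form: unkeyed digest. Whoever holds the cookie can recompute it for any payload.
def weak_encode(session)
  data = pack_session(session)
  "#{data}--#{Digest::SHA256.hexdigest(data)}"
end

def weak_decode(cookie)
  data, tag = cookie.to_s.split('--', 2)
  return nil unless data && tag && secure_equal?(Digest::SHA256.hexdigest(data), tag)
  unpack_session(data)
end

# Hardened form: HMAC keyed with a secret the client never sees.
def signed_encode(session, secret = SECRET)
  data = pack_session(session)
  "#{data}--#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)}"
end

def signed_decode(cookie, secret = SECRET)
  data, tag = cookie.to_s.split('--', 2)
  return nil unless data && tag
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  secure_equal?(expected, tag) ? unpack_session(data) : nil
end
```

A payload re-tagged without the secret passes `weak_decode` but returns `nil` from `signed_decode`; the signature protects integrity only, so the cookie contents remain readable by the client.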

