Camping 2.0 - What's left?
Aria Stewart
aredridel at nbtsc.org
Sun May 25 17:45:35 EDT 2008
On Sat, 2008-05-24 at 22:43 -0500, _why wrote:
> On Sun, May 25, 2008 at 12:25:08AM +0200, Magnus Holm wrote:
> > * The cookie session is named Camping::Session and is placed in
> > camping/session.rb. Maybe this should be called Camping::CookieSession or???
>
> You know, these cookie sessions seem like they could be a problem.
> A lot of sessions would contain just the hash and the user name.
> So, spoof the user name and you're in, you know?
Agreed, without an HMAC signature.
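
An HMAC-signed session cookie of the kind the reply above calls for, as an added example in Ruby that is not part of the original thread and not Camping's session code. The `SignedCookie` module, its method names, the `--` separator and the secret are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Hypothetical helper for illustration; not Camping's session implementation.
module SignedCookie
  # Serialize the session and append an HMAC tag keyed with a server-side secret.
  def self.encode(session, secret)
    payload = [JSON.generate(session)].pack("m0") # strict Base64, no newlines
    "#{payload}--#{tag(payload, secret)}"
  end

  # Return the session hash only if the tag verifies; otherwise nil.
  def self.decode(cookie, secret)
    payload, mac = cookie.to_s.split("--", 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(mac, tag(payload, secret))
    JSON.parse(payload.unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil # malformed Base64 or JSON is treated as "no session"
  end

  # HMAC-SHA256 over the encoded payload. Unlike a plain digest, it cannot be
  # recomputed by a client that does not hold the secret.
  def self.tag(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  end

  # Compare tags without exiting early on the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-demo-secret" # constructed value; keep the real one server-side
  cookie = SignedCookie.encode({ "user" => "alice" }, secret)
  p SignedCookie.decode(cookie, secret) # session is returned intact

  # Same tag, different user name: verification fails and no session is returned.
  altered = [JSON.generate("user" => "admin")].pack("m0")
  p SignedCookie.decode("#{altered}--#{cookie.split('--', 2).last}", secret)
end
```
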