[Nitro] NASTY bug
George Moschovitis
george.moschovitis at gmail.com
Fri Nov 9 03:54:12 EST 2007
Dear devs,

I am trying to find a nasty bug in
lib/raw/context/session/cookie.rb

This file implements a cookie-based session store, i.e. the session data is
serialized to/from a cookie.
For security we store both the serialized session data and an encrypted
version of it (called digest).
When deserializing we check the raw data against the digest to find out if
the user has tampered with the data.

This scheme works 90%. But sometimes (seemingly at random) the digest check
fails (i.e. crypt(data) != digest)
for no apparent reason.

I would really like to ask everyone on this list with some free time to have
a look at the code and help me track down
this nasty bug.

thanks in advance,
-g.
--
http://me.gr
http://joy.gr
http://cull.gr
http://nitroproject.org
http://phidz.com
http://joyerz.com
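
The scheme described in the message above, as an added example that is not part of the original post and is not Nitro's cookie.rb: a session hash is serialized into a cookie value together with a digest, and the digest is re-checked on load. Assumptions: the module and method names are hypothetical, the digest is an HMAC-SHA256 keyed with a server-side secret, and the payload is JSON in URL-safe Base64 so the bytes that are signed are exactly the bytes that travel in the cookie.

```ruby
require "openssl"
require "json"

# Hypothetical names throughout; this is not Nitro's API.
module SignedCookie
  SEP = "." # never occurs in URL-safe Base64 or in a hex digest

  # Keyed digest over the encoded payload exactly as it appears in the cookie.
  def self.digest(secret, payload)
    OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  end

  # Serialize the session and append the digest: "<payload>.<digest>".
  def self.dump(session, secret)
    payload = [JSON.generate(session)].pack("m0").tr("+/", "-_")
    "#{payload}#{SEP}#{digest(secret, payload)}"
  end

  # Return the session hash, or nil when the cookie is malformed or
  # the digest does not match (tampered data or a different secret).
  def self.load(cookie, secret)
    payload, mac = cookie.to_s.split(SEP, 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(digest(secret, payload), mac)
    JSON.parse(payload.tr("-_", "+/").unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Compare without stopping at the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

The digest is computed over the already-encoded payload, so verification does not depend on re-serializing the session to the same byte sequence.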