[Nitro] NASTY bug
george.moschovitis at gmail.com
Fri Nov 9 03:54:12 EST 2007
I am trying to find a nasty bug in
This file implements a cookie-based session store, i.e. the session data is
serialized to/from a cookie.
For security we store both the serialized session data and an encrypted
version of it (called digest).
When deserializing we check the raw data against the digest to find out if
the user has tampered with the data.
This scheme works 90% of the time. But sometimes (seemingly random) the digest check
fails (i.e. crypt(data) != digest)
for no apparent reason.
I would really like to ask everyone on this list with some free time to have
a look at the code and help me track down
this nasty bug.
Thanks in advance,
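
The scheme described in the post (serialized session data plus a digest that is checked on load), as an added example that is not the Nitro code or the author's file. It assumes HMAC-SHA256 as the digest, JSON as the serializer and a hypothetical `SignedCookieSession` module, and it computes the tag over the exact cookie-safe string that is sent, so verification never re-serializes the data.

```ruby
require "openssl"
require "json"

# Hypothetical module name; HMAC-SHA256 and JSON are assumptions,
# the post does not show its crypt function or serializer.
module SignedCookieSession
  SEP = "." # not in the URL-safe base64 alphabet or in hex

  # Encode the session as URL-safe base64 and append a tag computed
  # over that encoded string (the bytes the browser will send back).
  def self.dump(session, secret)
    payload = [JSON.generate(session)].pack("m0").tr("+/", "-_")
    "#{payload}#{SEP}#{tag(payload, secret)}"
  end

  # Returns the session hash, or nil when the cookie is missing,
  # malformed, or fails the integrity check.
  def self.load(cookie, secret)
    payload, digest = cookie.to_s.split(SEP, 2)
    return nil if payload.nil? || digest.nil?
    # Verify the received payload as-is, before decoding anything.
    return nil unless secure_compare(tag(payload, secret), digest)
    JSON.parse(payload.tr("-_", "+/").unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Keyed digest: without the server secret a client cannot recompute it.
  def self.tag(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  end

  # Comparison whose running time does not depend on where the strings differ.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-demo-secret"            # constructed sample value
  cookie = SignedCookieSession.dump({ "user_id" => 42 }, secret)
  puts cookie
  p SignedCookieSession.load(cookie, secret)
  p SignedCookieSession.load(cookie.sub(/\A./, "X"), secret)
end
```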