[Nitro] NASTY bug

George Moschovitis george.moschovitis at gmail.com
Fri Nov 9 03:54:12 EST 2007


Dear devs,

I am trying to find a nasty bug in

lib/raw/context/session/cookie.rb

This file implements a cookie-based session store, i.e. the session data is
serialized to/from a cookie.
For security we store both the serialized session data and an encrypted
version of it (called digest).

When deserializing we check the raw data against the digest to find out if
the user has tampered with the data.

This scheme works 90%. But sometimes (seemingly random) the digest check
fails (i.e. crypt(data) != digest)
for no apparent reason.

I would like to really ask everyone on this list with some free time to have
a look at the code and help me track down
this nasty bug.

thanks in advance,
-g.


-- 
http://me.gr
http://joy.gr
http://cull.gr
http://nitroproject.org
http://phidz.com
http://joyerz.com
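
The scheme described in this message, as an added Ruby example that is not Nitro's cookie.rb and not code from the post: it swaps in HMAC-SHA256 as the digest and JSON as the serializer, and the module name, sample secret and "." separator are assumptions. The digest is computed over the Base64 text that is actually placed in the cookie, so verification runs over the same bytes that were signed.

```ruby
require "openssl"
require "json"

# Hypothetical module for illustration; not Nitro's API.
module SignedCookieSession
  SECRET = "constructed-sample-secret" # constructed sample key, never reuse

  module_function

  # HMAC-SHA256 (hex) over the exact text stored in the cookie.
  def digest(payload, secret = SECRET)
    OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  end

  # Serialize, encode to a cookie-safe alphabet, then sign the encoded form.
  # "." is the separator because it occurs in neither URL-safe Base64 nor hex.
  def encode(session, secret = SECRET)
    payload = [JSON.generate(session)].pack("m0").tr("+/", "-_")
    "#{payload}.#{digest(payload, secret)}"
  end

  # Returns the session hash, or nil when the value is malformed or the
  # digest does not match. Nothing is deserialized before the check passes.
  def decode(cookie, secret = SECRET)
    payload, mac = cookie.to_s.split(".", 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(mac, digest(payload, secret))
    json = payload.tr("-_", "+/").unpack1("m0").force_encoding("UTF-8")
    JSON.parse(json)
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Comparison whose running time does not depend on where the strings differ.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```
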