[Nitro] NASTY bug

Trans transfire at gmail.com
Fri Nov 9 07:41:54 EST 2007



On Nov 9, 3:54 am, "George Moschovitis" <george.moschovi... at gmail.com>
wrote:
> Dear devs,
>
> I am trying to find a nasty bug in
>
> lib/raw/context/session/cookie.rb
>
> this file implements a cookie based session store, i.e. the session data is
> serialized to/from a cookie.
> for security we store both the serialized session data and an encrypted
> version of it (called diggest).
>
> when deserializing we check the raw data against the diggest to find out if
> the user has tampered with the data.
>
> this scheme works 90%. But sometimes (seemingly random) the diggest check
> fails (i.e. crypt(data) != diggest)
> for no apparent reason.
>
> I would like to really ask everyone on this list with some free time to have
> a look at the code and help me track down
> this nasty bug.

Are you busting the 4K size limit?

T.
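
Added example, not part of the original thread and not Nitro's cookie.rb: a minimal signed-cookie session store showing how a value cut at the 4K limit fails the digest check, with a size guard on the write path. HMAC-SHA256 stands in for the thread's crypt(data); the cookie name "ns", the 4096-byte budget, the "." separator and the key are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"

COOKIE_LIMIT = 4096              # assumed per-cookie byte budget (name + "=" + value)
SECRET = "constructed-demo-key"  # constructed sample key, not from the thread

class CookieTooLarge < StandardError; end

def digest_for(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Serialized data and digest joined by "." (absent from both encodings).
def cookie_value(session)
  data = Base64.urlsafe_encode64(JSON.generate(session))
  "#{data}.#{digest_for(data)}"
end

# Write path: refuse anything the client would truncate or drop.
def encode_session(session, name = "ns")
  value = cookie_value(session)
  size = name.bytesize + 1 + value.bytesize
  raise CookieTooLarge, "#{size} bytes exceeds #{COOKIE_LIMIT}" if size > COOKIE_LIMIT
  value
end

# Constant-time comparison so the check does not leak where the digests differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Read path: returns the session hash, or nil when the digest does not match.
def decode_session(value)
  data, sep, digest = value.to_s.rpartition(".")
  return nil if sep.empty?
  return nil unless secure_equal?(digest_for(data), digest)
  JSON.parse(Base64.urlsafe_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# What an unguarded store would get back after a cut at the limit.
def simulate_truncation(session, name = "ns")
  cookie_value(session).byteslice(0, COOKIE_LIMIT - name.bytesize - 1)
end
```

Because the failure depends only on how large the serialized session happens to be for a given request, it shows up as an intermittent digest mismatch rather than a consistent one.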


