crates.io security incident: improperly stored session cookies (blog.rust-lang.org)

submitted 3 months ago by neme@lemm.ee to c/rust@programming.dev

5 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] DWin@feddit.uk 13 points 3 months ago

Would using rust have prevented this issue?

[-] Traister101@lemmy.today 5 points 3 months ago

Lol but no essentially somebody accidentally logged the ID for an actively logged in user (not the user ID) when an error happens. Surprising they even released a thing about this

[-] DWin@feddit.uk 1 points 3 months ago

Yeah, I wonder why any developer thought logging either the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizzare

[-] Miaou@jlai.lu 2 points 3 months ago

Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

[-] DWin@feddit.uk 2 points 3 months ago

Yeah I reflected on that after I posted it, maybe it just dumped all the headers to the logs

this post was submitted on 12 Apr 2025

29 points (100.0% liked)

Rust

7159 readers

7 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev