crates.io security incident: improperly stored session cookies
(blog.rust-lang.org)
Yeah, I wonder why any developer thought logging the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizarre.
Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]
Yeah, I reflected on that after I posted it, maybe it just dumped all the headers to the logs.
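
The two causes guessed at in this thread, a derived formatter that includes the cookie field and a dump of all request headers, as an added example that is not crates.io's code. It uses only the standard library: the manual `Debug` impl plays the role that `#[serde(skip)]` plays for serde serialization, and the type names, function name, header list and sample values are hypothetical.

```rust
use std::fmt;

// Hypothetical request-context type; not taken from the crates.io code base.
#[allow(dead_code)]
#[derive(Debug)]
struct LeakyContext {
    user_id: u32,
    session_cookie: String, // derived Debug prints this verbatim
}

#[allow(dead_code)]
struct SafeContext {
    user_id: u32,
    session_cookie: String,
}

// Manual Debug impl: the secret is replaced before it can reach a log line.
impl fmt::Debug for SafeContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("SafeContext")
            .field("user_id", &self.user_id)
            .field("session_cookie", &"[REDACTED]")
            .finish()
    }
}

// Header names whose values must never be logged (matched case-insensitively).
const SENSITIVE: [&str; 3] = ["cookie", "set-cookie", "authorization"];

// Render headers for a log line, keeping names but redacting sensitive values.
fn loggable_headers(headers: &[(&str, &str)]) -> String {
    headers
        .iter()
        .map(|&(name, value)| {
            let sensitive = SENSITIVE.iter().any(|s| s.eq_ignore_ascii_case(name));
            format!("{}: {}", name, if sensitive { "[REDACTED]" } else { value })
        })
        .collect::<Vec<_>>()
        .join("; ")
}

fn main() {
    // Constructed sample values, not real session data.
    let cookie = "constructed-session-value";
    let leaky = LeakyContext { user_id: 7, session_cookie: cookie.to_string() };
    let safe = SafeContext { user_id: 7, session_cookie: cookie.to_string() };
    println!("{:?}\n{:?}", leaky, safe);
    println!("{}", loggable_headers(&[("Host", "example.test"), ("Cookie", cookie)]));
}
```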