If I understand this correctly, given that a private key is needed to successfully modify the signed HTTP cookie, for a closed-source project using Ruby, Rails, and Authlogic, this vulnerability might be better characterized as an "unintentional backdoor."

Yep, but even if you have a closed-source project you should avoid checking in any secret keys or other credentials to your source control system.
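As an added example illustrating both comments above (not Authlogic's or Rails' own code), a minimal HMAC-signed cookie in Ruby: verification rests entirely on the signing secret, so a key that was committed to source control lets anyone mint cookies that verify, and reading the secret from the environment keeps it out of the repository. The names `sign_cookie`, `verify_cookie`, `secure_equal?` and the `COOKIE_SIGNING_SECRET` variable are assumptions for this example.

```ruby
require "openssl"
require "base64"
require "json"

# Hypothetical helper for this example. The secret is read from the
# environment at runtime; the fallback is a constructed placeholder so the
# snippet runs offline and must never be used (or committed) for real.
def cookie_secret
  ENV.fetch("COOKIE_SIGNING_SECRET", "constructed-example-secret-do-not-use")
end

# Constant-time byte comparison so a MAC cannot be guessed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Cookie layout: base64(JSON payload) + "--" + hex(HMAC-SHA256 over that base64).
def sign_cookie(payload, secret: cookie_secret)
  data = Base64.strict_encode64(JSON.generate(payload))
  mac  = OpenSSL::HMAC.hexdigest("SHA256", secret, data)
  "#{data}--#{mac}"
end

# Returns the payload hash when the MAC matches, nil on any tampering or
# wrong key. Note that nothing here distinguishes the legitimate server from
# anyone else who knows the secret: that is why a leaked key is a backdoor.
def verify_cookie(cookie, secret: cookie_secret)
  data, mac = cookie.to_s.split("--", 2)
  return nil if data.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, data)
  return nil unless secure_equal?(mac, expected)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# True only when the secret actually came from the environment, i.e. the
# deployment is not silently running on the placeholder value.
def secret_configured?
  ENV.key?("COOKIE_SIGNING_SECRET")
end
```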