Displaying 1 result from an estimated 1 matches for "appsec".
Did you mean:
apprec
2007 Nov 20
29
Don't make cookie-stored sessions a default
...ce attacked.
I understand that this has been set due to speed advantages, but I
believe it''s better to make better security a default.
I''ve written a blog post about this
http://www.rorsecurity.info/2007/11/20/rails-20-cookies/
and Corey Benninger presented this at on the OWASP AppSec conference:
http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/
Heiko.
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To...