so Rails serializes its session using Marshal & you have to monkey patch to use another serializer! :( /cc @tenderlove #canIpatch
Replying to @mattetti
@mattetti @tenderlove a non monkeypatchy way to change this to JSON is also relevant to my interests
Replying to @tenderlove
@tenderlove @mattetti I would like to store sessions in such a way that if the secret token is leaked, an attacker doesn't get instant RCE
Replying to @bascule
@bascule @tenderlove in Rails 4, you can encrypt your session, not sure what RCE is.
Replying to @mattetti
@mattetti @bascule @tenderlove Remote code execution?
Replying to @bsodmike
@bsodmike @bascule @tenderlove no, RCE can only stand for http://en.wikipedia.org/wiki/Ring_Crew_Express …
Replying to @mattetti
@mattetti @bsodmike @tenderlove lolol (but seriously yes remote code execution)
6:54 PM - 13 Nov 2013