charlottebrf
commented
7 years ago @ajh146 I think this would be an interesting avenue to explore, to understand best practice from a security perspective as part of dev work.
Open melikecode opened 7 years ago
charlottebrf
commented
7 years ago @ajh146 I think this would be an interesting avenue to explore, to understand best practice from a security perspective as part of dev work.
melikecode
commented
7 years ago One of the thoughworks guys or even someone from Twitter might be able to give a good overview?
charlottebrf
commented
7 years ago Yes good idea. Actually I know exactly the person who is himself an ethical hacker- shall i reach out?
melikecode
commented
7 years ago Absolutely! Go for it
data in the json file is not encrypted. does that matter (e.g. outside of the competition, for best practice)? Or is the solution putting it into a database (does that offer more protection even though the data isn't encrypted, I presume)?
message in terminal: "SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies."