Open melikecode opened 7 years ago
@ajh146 I think this would be an interesting avenue to explore, to understand best practice from a security perspective as part of dev work.
One of the ThoughtWorks guys or even someone from Twitter might be able to give a good overview?
Yes, good idea. Actually, I know exactly the person, who is himself an ethical hacker. Shall I reach out?
Absolutely! Go for it.
Data in the JSON file is not encrypted. Does that matter (e.g. outside of the competition, for best practice)? Or is the solution putting it into a database (does that offer more protection even though the data isn't encrypted, I presume)?
Message in terminal: "SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies."
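
What the `secret` in that warning protects against, as an added example that is not part of the original thread and is not Rack's own code: a simplified model of a cookie session that trusts client-edited data when no secret is set and rejects it once the cookie carries an HMAC. The `SignedCookie` module, the `--` separator, the JSON payload and the `SESSION_SECRET` variable name are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Simplified model of a signed session cookie (hypothetical helper, not Rack's code).
# In a real app the fix for the warning is to pass a secret, e.g.
#   use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')  # env var name assumed
module SignedCookie
  SEP = '--'

  # Serialise the session; append an HMAC only when a secret is configured.
  def self.encode(session, secret)
    data = [JSON.generate(session)].pack('m0')
    secret ? "#{data}#{SEP}#{mac(data, secret)}" : data
  end

  # Return the session hash, or nil if the cookie is malformed or fails verification.
  def self.decode(cookie, secret)
    data, tag = cookie.to_s.split(SEP, 2)
    return nil if data.nil?
    return nil if secret && (tag.nil? || !same?(tag, mac(data, secret)))
    JSON.parse(data.unpack1('m0'))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def self.mac(data, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = SecureRandom.hex(32) # constructed sample secret
  crafted = [JSON.generate({ 'user' => 'alice', 'admin' => true })].pack('m0')
  good = SignedCookie.encode({ 'user' => 'alice', 'admin' => false }, secret)
  p SignedCookie.decode(crafted, nil) # no secret: client-edited data is trusted
  p SignedCookie.decode("#{crafted}--#{good.split('--', 2)[1]}", secret) # rejected: nil
  p SignedCookie.decode(good, secret) # untampered cookie verifies
end
```

Signing gives integrity only: the payload stays readable by the client, so a signed cookie is still not the place for data that must remain confidential.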