Comments for saush http://blog.saush.com technology, people and life in general Fri, 12 Mar 2010 12:08:56 +0000 http://wordpress.com/ hourly 1 Comment on Write a Sinatra-based Twitter clone in 200 lines of Ruby code by Joe http://blog.saush.com/2009/04/02/write-a-sinatra-based-twitter-clone-in-200-lines-of-ruby-code/#comment-1187 Joe Fri, 12 Mar 2010 12:08:56 +0000 http://blog.saush.com/?p=314#comment-1187 Seems like your session key has a huge security flaw. In your login route you set: session[:userid] = user.id But that's just a serial primary key, which means it's really easy to guess a valid session id (you wouldn't know who you were impersonating, but you could easily impersonate *someone* else). It would be better to have separate LoginSession and User datamapper models, and do something like: session[:sessionid] = login_session.uuid Using a UUID makes it highly unlikely that one user can guess any other valid session identiier. It also allows easily expiring login sessions (delete the LoginSession records) without affecting users. Seems like your session key has a huge security flaw. In your login route you set:

session[:userid] = user.id

But that’s just a serial primary key, which means it’s really easy to guess a valid session id (you wouldn’t know who you were impersonating, but you could easily impersonate *someone* else). It would be better to have separate LoginSession and User datamapper models, and do something like:

session[:sessionid] = login_session.uuid

Using a UUID makes it highly unlikely that one user can guess any other valid session identiier. It also allows easily expiring login sessions (delete the LoginSession records) without affecting users.

]]> Comment on My first contribution to an O’Reilly book (Rails Cookbook) by topshops http://blog.saush.com/2006/10/31/my-first-contribution-to-an-oreilly-book-rails-cookbook-2/#comment-1185 topshops Fri, 12 Mar 2010 08:49:42 +0000 http://blog.saush.com/?p=143#comment-1185 For anybody Hello! Come on <a href="http://topshops.biz" rel="nofollow">Market</a>. For anybody Hello! Come on Market.

]]> Comment on Write a Sinatra-based Twitter clone in 200 lines of Ruby code by Altermatt http://blog.saush.com/2009/04/02/write-a-sinatra-based-twitter-clone-in-200-lines-of-ruby-code/#comment-1184 Altermatt Fri, 12 Mar 2010 01:53:17 +0000 http://blog.saush.com/?p=314#comment-1184 I had sex for the first time after a total hysterectomy, and he went too deel and I had a shatp pain and some bleeding. I am still spottihg and I have alot of pain. Is this normal?; I had sex for the first time after a total hysterectomy, and he went too deel and I had a shatp pain and some bleeding. I am still spottihg and I have alot of pain. Is this normal?;

]]> Comment on Naive Bayesian Classifiers and Ruby by Shirley http://blog.saush.com/2009/02/11/naive-bayesian-classifiers-and-ruby/#comment-1183 Shirley Thu, 11 Mar 2010 14:04:20 +0000 http://blog.saush.com/?p=238#comment-1183 blog.saushc.om, howa do you do it? blog.saushc.om, howa do you do it?

]]> Comment on Desktop Chinese-English lookup dictionary by Leonardo Chalfant http://blog.saush.com/2006/09/26/desktop-chinese-english-lookup-dictionary/#comment-1182 Leonardo Chalfant Wed, 10 Mar 2010 11:22:28 +0000 http://blog.saush.com/?p=130#comment-1182 Super info&fine site. Super info&fine site.

]]>