Ruby Security


Ruby on Rails is a popular application platform that uses cookies to identify application sessions. The cookie consists of two parts: the cookie-value and a signature. Whenever Rails receives a cookie, it checks that the cookie has not been tampered with by recomputing the signature (an HMAC keyed with a server-side secret) over the cookie-value it received and verifying that the result matches the signature that was sent. Once the signature has been verified, demarshalling the cookie to retrieve its contents generally consists of three logical steps:

    url_decoded_cookie = CGI::unescape(cookie_value)
    b64_decoded_session = Base64.decode64(url_decoded_cookie)
    session = Marshal.load(b64_decoded_session)

The order matters: Marshal.load reconstructs arbitrary Ruby objects from whatever bytes it is given, so it must only ever run on data whose signature has already been verified. During many…
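The verify-then-demarshal flow described above, written out as an added example (this is not Rails' own cookie store code; it mirrors the legacy "base64(marshalled session)--hex(HMAC-SHA1)" layout, and the SECRET constant, the session contents and the helper names sign_session, load_session, tamper and secure_compare are all assumptions made for the example):

```ruby
require 'base64'
require 'cgi'
require 'openssl'

# Server-side signing secret. Rails derives this from secret_key_base; here it is
# a constructed constant for the example only.
SECRET = 'example-secret-do-not-use-in-production'

# Constant-time comparison: a plain == would short-circuit on the first differing
# byte and leak how much of a forged signature is correct through response timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack('C*')
  result = 0
  b.each_byte { |byte| result |= byte ^ left.shift }
  result == 0
end

# Build a signed cookie: base64(Marshal.dump(session)) + "--" + hex HMAC over the
# base64 part, then URL-escaped for transport. Anyone holding the secret can do this.
def sign_session(session, secret = SECRET)
  data = Base64.strict_encode64(Marshal.dump(session))
  digest = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  CGI.escape("#{data}--#{digest}")
end

# Demarshal a cookie. The signature is checked first; Marshal.load runs only on data
# that passed the check, because it will instantiate whatever objects the bytes
# describe. Returns nil for any cookie whose signature does not match.
def load_session(cookie_value, secret = SECRET)
  url_decoded_cookie = CGI.unescape(cookie_value)
  data, digest = url_decoded_cookie.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  return nil unless secure_compare(expected, digest)
  b64_decoded_session = Base64.decode64(data)
  Marshal.load(b64_decoded_session)
end

# Attacker without the secret: swap the payload for one claiming user_id 1 but keep
# the original signature. The HMAC over the new payload no longer matches.
def tamper(cookie_value)
  _data, digest = CGI.unescape(cookie_value).split('--', 2)
  forged = Base64.strict_encode64(Marshal.dump({ 'user_id' => 1 }))
  CGI.escape("#{forged}--#{digest}")
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ 'user_id' => 42, 'flash' => {} })
  p load_session(cookie)                            # the original session
  p load_session(tamper(cookie))                    # nil: payload changed, HMAC mismatch
  p load_session(cookie, 'some-other-secret')       # nil: wrong key, HMAC mismatch
  p load_session(sign_session({ 'user_id' => 1 }))  # accepted: forged with the real secret
end
```

The last line of the demo is the practical lesson: the signature only proves that whoever produced the cookie held the secret, so a leaked or guessable secret lets anyone mint a session for any user, and the only defence left at that point is that Marshal.load was never reachable without a valid signature.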