exception_notification The data and session sections are not filtered, and can leak sensitive information

The data and session sections are not filtered, and can leak sensitive information

Open trammel opened this issue 8 years ago • 0 comments

In the default _data and _session templates serialize the @data and @request.session information, but they aren't filtered. So sensitive information like the session_id and any other information stored there are exposed via whatever notification mechanism is used.

https://github.com/smartinez87/exception_notification/pull/363 submitted as well.

Aug 29 '16 13:08 trammel

exception_notification exception_notification copied to clipboard

The data and session sections are not filtered, and can leak sensitive information

exception_notification
exception_notification copied to clipboard