Security Assumptions Made Years Ago in Popular Open Source Web Application Frameworks Spark Debate

By: G. S. McNamara
 
WASHINGTON - Oct. 30, 2013 - PRLog -- G. S. McNamara brought public attention recently to the mechanisms used to store sessions belonging to visitors of websites built with the popular and open source web application frameworks Ruby on Rails and Django. The discussions are timely given the increasingly unknown level of security on the Internet.

The debate originally gained the attention of the press in two Threatpost articles, "Security Issue in Ruby on Rails Could Expose Cookies" (http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cookies) and "Security Vulnerability in Django Could Allow Attackers Access to Cookies". Software developers also discussed it at length on Hacker News, the social news website serving programmers and entrepreneurs. The technical discussions have focused on whether, under specific configurations, logging out of a website actually functions as a software developer would expect.

A high-visibility website, GitHub.com, released a blog post covering recent behind-the-scenes changes to their website that improved logout functionality for their users.

Reach out directly to G. S. McNamara via email at Main@GSMcNamara.com, on Twitter @GSMcNamara, and on LinkedIn (http://www.linkedin.com/in/gsmcnamara).

Contact
G. S. McNamara
***@gsmcnamara.com
2025079703
End
Source:G. S. McNamara
Tags:Ruby On Rails, Web Security, Django Security, Internet Security, G. S. Mcnamara
Industry:Security, Software
Location:Washington - District of Columbia - United States
Subject:Reports
Page Updated Last on: Oct 30, 2013


