by jim-greer 4520 days ago
It's worth mentioning that GitHub has forked Rails and is working off their own private branch of Rails 2.3. Not saying that was relevant to this exploit, mind you.

https://github.com/github/rails

http://www.kalzumeus.com/2013/06/17/if-your-business-uses-ra...


It is relevant to this:

> I . . . decoded _gist_session cookie (which is regular Rails Base64 encoded cookie)

In Rails 4 the session cookie is encrypted with a server-side secret, so the end user can't decipher it.

Gist is indeed running Rails 4.
Isn't gist an entirely separate application from dotcom? My impression was gist is a Sinatra app, not Rails.
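
The difference between a signed-only session cookie and an encrypted one, as discussed in this thread, shown as an added example that is not from any commenter or from the Rails or GitHub code base. The secret, the session contents and all function names are constructed; JSON stands in for the session serializer, and the AES-256-GCM scheme is a simplified stand-in, not Rails' own encryptor.

```ruby
require "openssl"
require "json"

# Constructed values, for illustration only.
SECRET  = "constructed-server-side-secret"
SESSION = { "user_id" => 42, "csrf" => "constructed-token" }

# Signed-only layout: Base64(payload)--HMAC. Gives integrity, not confidentiality.
def sign_cookie(session, secret)
  data = [JSON.generate(session)].pack("m0") # strict Base64
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, data)}"
end

# What anyone holding the cookie can do, with no secret at all.
def read_without_secret(cookie)
  JSON.parse(cookie.split("--").first.unpack1("m"))
end

# Server side: the HMAC stops modification, it does not stop reading.
def verify_cookie(cookie, secret)
  data, digest = cookie.split("--", 2)
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, data.to_s)
  return nil unless digest && digest.bytesize == expected.bytesize
  diff = expected.bytes.zip(digest.bytes).reduce(0) { |a, (x, y)| a | (x ^ y) }
  diff.zero? ? JSON.parse(data.unpack1("m")) : nil
end

# Encrypted layout: without the secret the payload is opaque to the client.
def encrypt_cookie(session, secret)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = OpenSSL::Digest.digest("SHA256", secret) # simplified key derivation
  iv = cipher.random_iv
  ct = cipher.update(JSON.generate(session)) + cipher.final
  [iv, ct, cipher.auth_tag].map { |p| [p].pack("m0") }.join("--")
end

# Returns the session, or nil if the key is wrong or the cookie was altered.
def decrypt_cookie(cookie, secret)
  iv, ct, tag = cookie.split("--").map { |p| p.unpack1("m0") }
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = OpenSSL::Digest.digest("SHA256", secret)
  cipher.iv = iv
  cipher.auth_tag = tag
  JSON.parse(cipher.update(ct) + cipher.final)
rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError
  nil
end
```

With a signed-only cookie, anything placed in the session should be treated as visible to the user; the signature only guarantees the server can detect changes.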