Cette page n'est pas encore disponible en français, sa traduction est en cours. Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Metadata
ID:ruby-security/rails-cookies-serializer
Language: Ruby
Severity: Warning
Category: Security
Description
This rule states that cookies in a Ruby on Rails application should be serialized using JSON. This is important because JSON is a safer method for serialization compared to others like :marshal and :hybrid. The :marshal method is known to have potential security vulnerabilities, and the :hybrid method, while safer than :marshal, is still not as secure as JSON.
Cookies often contain sensitive data, and if they are not properly serialized, it could lead to security issues such as unauthorized access to user data. Therefore, it’s crucial to use a secure method for cookie serialization to protect your application and its users.
To adhere to this rule, always set your cookie serializer to :json in your Rails application configuration. This can be done by adding the line Rails.application.config.action_dispatch.cookies_serializer = :json to your configuration file. This ensures that all cookies are serialized safely using JSON, thus reducing the risk of potential security vulnerabilities.
