Hi, I was just poking around the \myapp\public\ folder and noticed the dispatch.rb there is accessible over the web. eg, http://www.tadalist.com/dispatch.rb I know its not really important, but somehow it feels wrong to me to expose my app/framework ''code'' to the browser. Cheers, Neville Burnell _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Steven Critchfield
2005-Feb-25 00:19 UTC
Re: Rails ''private parts'' accessible to the browser
On Fri, 2005-02-25 at 11:07 +1100, Neville Burnell wrote:> Hi, > > I was just poking around the \myapp\public\ folder and noticed the > dispatch.rb there is accessible over the web. eg, > > http://www.tadalist.com/dispatch.rb > > I know its not really important, but somehow it feels wrong to me to > expose my app/framework ''code'' to the browser.I think that falls into a configuration error category. Specifically the web server at www.tadalist.com hasn''t been configured to know what to do with .rb files. Note it doesn''t work that way when you attempt the fcgi file nor the cgi file. Also it is simply fixable by removing anything you are not running. -- Steven Critchfield <critch-wQLwMjUOumVBDgjK7y7TUQ@public.gmane.org>
Neville Burnell
2005-Feb-25 00:28 UTC
RE: Rails ''private parts'' accessible to the browser
Also, while http://www.tadalist.com/dispatch.cgi gives a ''nice'' response, http://www.tadalist.com/dispatch.fcgi isnt so nice. Perhaps there should be a \app\views\rails\ which includes the standard views generated when something manageable goes wrong in Rails? ________________________________ From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Neville Burnell Sent: Friday, 25 February 2005 11:08 AM To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org Subject: [Rails] Rails ''private parts'' accessible to the browser Hi, I was just poking around the \myapp\public\ folder and noticed the dispatch.rb there is accessible over the web. eg, http://www.tadalist.com/dispatch.rb I know its not really important, but somehow it feels wrong to me to expose my app/framework ''code'' to the browser. Cheers, Neville Burnell _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Steven Critchfield
2005-Feb-25 01:49 UTC
RE: Rails ''private parts'' accessible to the browser
On Fri, 2005-02-25 at 11:28 +1100, Neville Burnell wrote:> Also, while http://www.tadalist.com/dispatch.cgi gives a ''nice'' > response, http://www.tadalist.com/dispatch.fcgi isnt so nice. > > Perhaps there should be a \app\views\rails\ which includes the > standard views generated when something manageable goes wrong in > Rails?The fcgi output is probably the output of the fast cgi portion complaining that it''s environment/communications isn''t set up the way it expects. So again this is outside of the rails frame work. It is a simple config problem that the fast cgi version wasn''t configured to run on that server and yet was exposed. -- Steven Critchfield <critch-wQLwMjUOumVBDgjK7y7TUQ@public.gmane.org>
Neville Burnell
2005-Feb-25 02:36 UTC
RE: Rails ''private parts'' accessible to the browser
>> The fcgi output is probably the output of the fast cgi portion >> complaining that it''s environment/communications isn''t set up >> the way it expects. So again this is outside of the rails frame >> work. It is a simple config problem that the fast cgi version >> wasn''t configured to run on that server and yet was exposed.Sure, but it reports "Application error (Rails)" hmmmm
On Fri, 25 Feb 2005 11:07:49 +1100, Neville Burnell <Neville.Burnell-uEDVyssJ3mUpAS55Wn97og@public.gmane.org> wrote:> > Hi, > > I was just poking around the \myapp\public\ folder and noticed the > dispatch.rb there is accessible over the web. eg, > > http://www.tadalist.com/dispatch.rb > > I know its not really important, but somehow it feels wrong to me to expose > my app/framework ''code'' to the browser. > > Cheers, > > Neville Burnell > >Heh, gmail marked this as spam. I think the reference to ''private parts'' did it. Joe
yup, it did it to me too, it put it in spam and labeled it with my rails label;) On Fri, 25 Feb 2005 08:47:05 -0800, Joe Van Dyk <joevandyk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Fri, 25 Feb 2005 11:07:49 +1100, Neville Burnell > <Neville.Burnell-uEDVyssJ3mUpAS55Wn97og@public.gmane.org> wrote: > > > > Hi, > > > > I was just poking around the \myapp\public\ folder and noticed the > > dispatch.rb there is accessible over the web. eg, > > > > http://www.tadalist.com/dispatch.rb > > > > I know its not really important, but somehow it feels wrong to me to expose > > my app/framework ''code'' to the browser. > > > > Cheers, > > > > Neville Burnell > > > > > > Heh, gmail marked this as spam. I think the reference to ''private > parts'' did it. > > Joe > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >