Hi - I need to use SSL in certain areas of my app. I have read about ssl_required via the ''book'' and online: http://github.com/rails/ssl_requirement/tree/master It looks like what I need and want. However, I read that it may have issues with Nginx and that it may have loopholes in regards to securing requests from client to server. http://blog.aisleten.com/2008/06/02/beware-of-ssl_requirement/ I''m not certain of the validity of this or whether its been addressed. So I''m curious - what''s everyone using for SSL? Any help/tips greatly appreciated. Thanks!
Hi, I use ssl_requirement. I read the blog post about the holes, and really there is absolutely nothing to worry about, simply make sure the page where the form is displayed has https in the URL and you''re 100% safe. Anyway IE would issue a warning if the form that is about to submit data is not on a totally secured page (images, etc.). And now on Firefox 3.5 an https url also has a blue bar (or green bar for Extended Validation) so the user has a better visual information that the page he is on is secured. There are no security problems at all with ssl_requirement. -- Posted via http://www.ruby-forum.com/.
On my production server I proxy ssl through apache. On Bluehost I believe I will be doing the same thing. On Jul 25, 3:11 pm, Fernando Perez <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Hi, > > I use ssl_requirement. I read the blog post about the holes, and really > there is absolutely nothing to worry about, simply make sure the page > where the form is displayed has https in the URL and you''re 100% safe. > > Anyway IE would issue a warning if the form that is about to submit data > is not on a totally secured page (images, etc.). And now on Firefox 3.5 > an https url also has a blue bar (or green bar for Extended Validation) > so the user has a better visual information that the page he is on is > secured. > > There are no security problems at all with ssl_requirement. > -- > Posted viahttp://www.ruby-forum.com/.