Displaying 4 results from an estimated 4 matches for "_csrf_token".

2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would
2010 Sep 02
0
controller failing to read flash
...the one redirected to), accessing the flash returns an empty hash, but the flash is stored and visible in the session. (rdb:21) session {:user_credentials=>"...", :session_id=>"...", :user_credentials_id=>1, :flash=>{:notice=>"Twitter status updated"}, :_csrf_token=>"..."} (rdb:21) session[:flash] {:notice=>"Twitter status updated"} (rdb:21) flash {} Looking at the source for flash in actionpack-2.3.8/lib/action_controller/flash.rb, the difference is that the key is stored as a string and not a symbol. How could that disparity occu...
2012 Mar 05
0
Rails 3 - How can you get access to current_user in the IRB console?
...;{"login"=>"some-login-id", "password"=>"some-password"}}) >> app.get '/some_other_path_that_only_works_if_logged_in' >> pp app.response.body I've been able to get session info: >> app.session => {"_csrf_token"=>"1yAn0jI4VWzUH84PNTH0lVhjpY98e9echQGS4=", "session_id"=>"89984667d30d0fec71f2a5cbb9017e24"} I've tried everything I can think of to try to get to current_user via app and app.session, but no luck. How can I access current_user? -- You receiv...
2012 Jun 20
2
CentOS 6.2-x86-64
Greetings all, newbie to CentOS here. Also newbie to 64 bit installs. Package Manager problem: I found a yumex, which is not part of the 64 bit install, but it wants a way older version of python-2.4 whereas we have 2.6.6-something after the post install upgrade. 1st Question: Is there anything that can be done about this? Or is there something better, like a 64 bit synaptic to replace