Displaying 20 results from an estimated 74 matches for "forgeri".
Did you mean:
forgery
2009 Jun 09
3
protect_from_forgery doesnt protect from forgery
Maybe I am grasping the full usage of this protect_from_forgery
function, but it does not seem to work for me. Imagine the following:
A simple website with a user that needs to log in to do certain stuff
and a closed off admin section that only certain users can access that
have the is_admin field set to true.
So to be clear, my User model has a login, password and is_admin.
When displaying the
2008 May 08
1
disabling forgery protection
Hi,
I have to enable batch uploads to my website with CURL and forgery
protection in ApplicationController is standing in my way. I do use
the restful authentication plugin and I do call login_required on all
actions. Should I keep forgery protection around?
Forgery protection only makes sure that the client request has
originated from client''s session, right? Is there anything else
2010 Jul 19
0
Protect from forgery for Rest destroy action ???
Hi !!
I''m reading the rails guides about security, i had a question about the
forgery protection
If we consider a standard Restful resource ( generated with scaffold for
example ), the update and create actions are protected from forgery
attacks thanks to the authenticity token, but what about the destroy
method ??
<a href="/posts/2"
2008 Aug 21
4
forgery Protection
Has anybody solved this issue. [
http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ?
NameError (undefined local variable or method `controller'' for
#<LeaveController:0xb7144abc>):
/app/controllers/application.rb:24:in `verify_authenticity_token''
2008 Aug 25
1
Catch forgery errors
Hi all,
I am using ajax for some request but when the user session expire, I get
a ActionController::InvalidAuthenticityToke error.
Do you know how I could trap this error and redirect to the login panel
?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails:
2005 May 12
1
Cross-site Request Forgery
Hi all,
I stuck a little bit of information on CSRF on the wiki
(http://wiki.rubyonrails.com/rails/show/HowToAvoidCrossSiteRequestForgery)
and created a "Security Concerns" page from the home page
(http://wiki.rubyonrails.com/rails/show/Security+Concerns) - it would
be good to have a single point of information for all know security
holes and fixes (even if they aren''t Rails
2009 May 05
3
Unable to deactivate forgery protection
Hi,
I just created a new Rails app that will be receiving some POSTed data
from the outside so it must skip the verify_authenticity_token for some
create actions. Although I have added:
skip_before_filter :verifiy_authenticity_token
I still get InvalidAuthenticityToken. In one of my other Rails app
(created back in Rails 1.2.6 and updated to 2.3.2 over time) this
skipping works perfectly though,
2006 Aug 02
0
How to counter Cross Site Request Forgery?
Hi,
We would like to create a unique string when a user logs in and pass the
string between actions. Each user can compare the incoming string with
the one stored in the session to assert whether the request is coming
from within the application or from a malicious external source.
What mechanism can we use to pass this string around?
Passing as params to the actions ,may not be an option as
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I''m setting up a Paypal IPN listener and need the create action to not
use rails'' default CSRF protection.
I''ve got that working fine & test it actually works with cucumber
(where I''ve turned CSRF back on, since it''s full-stack testing) but
would like my controller spec to mention the need for
protect_from_forgery :except => [:create] (and fail
2013 Mar 24
6
forgery protection for multiple browser tabs
Hi,
http://apidock.com/rails/ActionController/RequestForgeryProtection only
maintains one CSRF token at a time. When a user visits some site, he gets a
new token in the session. He then might open a linked site of the same
rails app in a new browser tab (maybe some info he''d like to read), and
again he will get a new token. Then he changes to the first tab again and
submits a form
2011 Jul 26
1
[Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements
=====================
Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
2011 Jul 26
1
[Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements
=====================
Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
2008 Sep 02
4
Rescue rails errors
Hi all,
Sometime, I get the following error in my application:
ActionController::InvalidAuthenticityToken in
ManageController#site_servers
ActionController::InvalidAuthenticityToken
I tried to put the code in manage controller between begin ... rescue
... end but it didn''t catch the error.
So I tried in the application.rb controller, I put the forgery code
between begin ... rescue ...
2008 Dec 22
0
FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:12.ftpd Security Advisory
The FreeBSD Project
Topic: Cross-site request forgery in ftpd(8)
Category: core
Module: ftpd
Announced:
2009 Mar 12
5
InvalidAuthenticityToken from home page
I''m trying to create a log in in index.html, but I keep getting an error
about InvalidAuthenticityToken. I understand this is something that RoR
puts in the forms, and it changes regularly. The problem is that the
home page in the public folder is html, and therefore static. has anyone
else put a log in on their home page?
--
Posted via http://www.ruby-forum.com/.
2004 Aug 06
0
Re: mail bounces
On Sun 21 Mar 2004 - 02:58:46 EST - James Couzens wrote:
> Mail coming from motherfish-II.xiph.org is likely getting dropped due to
> the following (which I pulled out of the headers of a piece of mail
> after wondering where all my speex email suddenly disappeared off to:
>
> 2.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server -
> [198.136.36.245 listed in
2019 Jul 17
0
pigeonhole question: filtering on delivered-to in case of fetchmail
> On 15 Jul 2019, at 18:11, Trever L. Adams via dovecot <dovecot at dovecot.org <https://dovecot.org/mailman/listinfo/dovecot>> wrote:
> >/So, one of the problems I am seeing is that people are trying to fake />/users into revealing information by sending from an outside domain but />/with an internal reply to address and claiming to be administration, IT />/or what
2008 Jun 06
2
422/InvalidAuthenticityToken with fb_request_form
All,
I''m using the ActiveRecord store for sessions and have gotten form
submissions to work, but I can''t get the fb:request-form that''s
generated by fb_request_form to work, it doesn''t seem to add hidden
fields for the token. Should it? Can it even (add extra fields to
the fb:request-form)?
My view:
<% content_for("challenge_content") do %>
2008 Apr 04
4
Auto Complete Problems
Hello All,
I''m a RoR newbiew, trying to experiment with Autocomplete, but I''m
having some difficulties. When I start typing in my input box, instead
of getting a nice drop down, the styling on my page is getting all out
of wack (ie my background colours change, link styling changes, etc) and
I''m not seeing any autcompletion data. Here are the steps I''ve taken
2019 Jul 16
3
pigeonhole question: filtering on delivered-to in case of fetchmail
So, one of the problems I am seeing is that people are trying to fake
users into revealing information by sending from an outside domain but
with an internal reply to address and claiming to be administration, IT
or what not.
I can set up something that will reject if from is outside the domain by
reply to is internal. The problem is in some setups, there are fetchmail
setups. I do not want to