Displaying 3 results from an estimated 3 matches for "rorsecur".
2009 Nov 11
4
Sessions
I'm an experienced programmer, but new to Rails.
I would like to echo an unanswered question I've recently read
elsewhere.
Can anyone recommend an overview of get/post, cookies, sessions, etc.,
and how Ruby on Rails interacts with all of this?
I'm interested in understanding how to harden a Rails application
Regards
--
Dave
2009 Sep 15
6
User login and authentication
Being a rails newbie, I started to design our first rails-based
webapp. This app should not only be used via browsers, but we also
want to provide a (RESTful) api. I love the 'convention over
configuration' paradigm, but am totally clueless on what to do when it
comes to user authentication. Is there a THE rails-way of doing this?
I found many excellent gems and plugins, such as
2007 Nov 20
29
Don't make cookie-stored sessions a default
...rage. It stores clear-text values on the client-side
and the integrity check hash can be brute-force attacked.
I understand that this has been set due to speed advantages, but I
believe it's better to make better security a default.
I've written a blog post about this
http://www.rorsecurity.info/2007/11/20/rails-20-cookies/
and Corey Benninger presented this at the OWASP AppSec conference:
http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/
Heiko.
--
Posted via http://www.ruby-forum.com/.