search for: rorsecurity

Displaying 3 results from an estimated 3 matches for "rorsecurity".

Did you mean: grsecurity
2009 Nov 11
4
Sessions
I''m an experienced programmer, but new to Rails. I would like to echo an unanswered question I''ve recently read elsewhere. Can any recommend an overview of get/post, cookies, sessions, etc., and how Ruby on Rails interacts with all of this? I''m interested in understanding how to harden a Rails application Regards -- Dave
2009 Sep 15
6
User login and authentication
Being a rails newbie, I started to design our first rails-based webapp. This app should not only be used via browsers, but we also want to provide a (RESTful) api. I love the ''convention over configuration'' paradigm, but am totally clueless on what to do when it comes to user authentication. Is there a THE rails-way of doing this? I found many excellent gems and plugins, such as
2007 Nov 20
29
Don't make cookie-stored sessions a default
...rage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it''s better to make better security a default. I''ve written a blog post about this http://www.rorsecurity.info/2007/11/20/rails-20-cookies/ and Corey Benninger presented this at on the OWASP AppSec conference: http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/ Heiko. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this mess...