search for: rorsecurity

I''m an experienced programmer, but new to Rails. I would like to echo an unanswered question I''ve recently read elsewhere. Can any recommend an overview of get/post, cookies, sessions, etc., and how Ruby on Rails interacts with all of this? I''m interested in understanding how to harden a Rails application Regards -- Dave

Being a rails newbie, I started to design our first rails-based webapp. This app should not only be used via browsers, but we also want to provide a (RESTful) api. I love the ''convention over configuration'' paradigm, but am totally clueless on what to do when it comes to user authentication. Is there a THE rails-way of doing this? I found many excellent gems and plugins, such as

...rage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it''s better to make better security a default. I''ve written a blog post about this http://www.rorsecurity.info/2007/11/20/rails-20-cookies/ and Corey Benninger presented this at on the OWASP AppSec conference: http://blog.phishme.com/2007/11/owning-rails-20-cookies-at-owasp/ Heiko. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this mess...