Displaying 20 results from an estimated 30000 matches similar to: "Patch: more secure secret key generation for CookieStore"
2008 Jan 20
3
CookieStore and Session data via POST vars (no cookies)
This might be a solved issue, so I thought I'd ask. I'm trying to use
SWFUpload with the cookiestore. I'm passing in the session_id
variable through a POST parameter in the upload. I've verified that
Flash is sending the POST params (Flash 9).
I thought simply by setting cookie_only to false for that method, I
would be able to get that to work.
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community,
As part of a programming languages/security research group at the
University of Maryland, we are building some static analysis tools for
Rails applications. These tools work by taking formally specified
properties of interest, and then analyzing code to verify that those
properties indeed hold. Using these tools, we found some security
vulnerabilities in Rails, and we would
2008 Feb 27
8
ActiveRecord validation messages not I18N-friendly and enforces grammar
ActiveRecord validation messages are currently not I18N-friendly.
Specifically, I'm referring to the fact that it enforces a certain
grammar, namely the beginning of the message must consist of the field
name. For example:
validates_presence_of :name, :message => "can't be blank."
...generates the message "Name can't be blank". This grammar
2009 Sep 25
0
Authentication with Cookies instead of CookieStore Sessions
I would like to persist the user authentication between user sessions
(basically a "remind me" by default).
Sessions expire while cookies persist: why should I use a session for
authentication and then another different cookie for the "remind me"?
Can't I simply store a cookie with a token and use it for both
authentication and persistence?
2010 Jun 17
3
RDoc 2.2.0 requirement
Looks like Rails 3 currently depends on RDoc 2.2.0 exactly, even
though the latest version is 2.5.x. Why this specific version?
2007 Dec 07
9
Merb-style development exception pages for Mac OS X
I like the merb-style exception pages where there're links to open the
files listed in the stack trace in TextMate and the source around each
line a lot so I stole the idea (and the code!) and made a patch for
Rails: http://dev.rubyonrails.org/ticket/10401
Here's how it looks in Merb: http://yehudakatz.com/wp-content/uploads/stacktrace.gif
What do you guys think?
2007 Nov 20
29
Don't make cookie-stored sessions a default
Hi!
Before Rails 2.0 is coming, I suggest not making CookieStore the
default session storage. It stores clear-text values on the client-side
and the integrity check hash can be brute-force attacked.
I understand that this has been set due to speed advantages, but I
believe it's better to make better security a default.
I've written a blog post about this
2008 Feb 09
1
how to check the config.action_controller.session options ?
when setting it in my environment.rb
config.action_controller.session = {
  :session_key => '_myapp_session',
  :secret => '3a64394bb895f1f05e0c07f71127d93d'
}
I cannot get it back in the script/console ..
:session_key=>"_session_id" !!!
why ?
>> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
=>
2020 Sep 07
0
Wireshark LDAP capture vs Diffie-Hellman / pre-master secret - key log file
Hi,
I am trying to debug a new (to me) printer, that should be able to use
AD (for LDAP / address book lookups as well as authentication).
It's been a while since I needed to dump traffic with wireshark; and
evidently it's got harder since I last tried :)
I have generated a wireshark dump on my DC, to see what the printer is
trying to do, using:
dc1$ sudo tcpdump host myprinter and port
2009 Aug 27
1
Documentation on RSA key authentication ?? (No way to send secret to peer)
Is there any documentation on IAX RSA authentication because I followed
http://www.voip-info.org/wiki/index.php?page=Asterisk+iax+rsa+auth and
it's not working...
Asterisk 1 :
-r--r--r-- 1 root root 272 Aug 25 10:34 server2.pub
-r-------- 1 root root 963 Aug 24 19:38 server1.key
Asterisk 2 :
-r-------- 1 root root 963 Aug 24 19:53 server2.key
-r--r--r-- 1 root root 272 Aug 25 09:02
2010 Jun 14
9
Multipart forms by default?
Forms without explicit enctype are submitted as
application/x-www-form-urlencoded. This is the default behaviour in
Rails. However, this enctype does not allow transmission of binary
data (files).
Would it not make sense to specify the enctype multipart/form-data by
default instead? i.e. all the form_for helpers would add this enctype
to the form tag, unless overridden by the developer.
This
2007 Nov 04
3
Searching different fields based on document permissions
I'm currently writing a system that stores user-created documents. Each
user belongs to a specific group, and the system supports multiple
groups. The thing is, my users want to be able to hide pieces of a
document from other groups. So for example, let's say Joe of team A has
written this document:
"Hello all, our secret plan is finally complete! <private>We will
begin
2007 Aug 12
0
ActiveRecord with only a primary key
Hi,
ActiveRecord does not currently support tables that have only
a primary key.
This seems to be a needed feature as evidenced by the tickets:
http://dev.rubyonrails.org/ticket/6187
http://dev.rubyonrails.org/ticket/6319
http://dev.rubyonrails.org/ticket/7877
The update case is easily fixed by just not running the query
when there are no columns to update. But the create case is
problematic
2011 Jun 06
2
[PATCH] Document the method for building the Unicorn gem
From dcd47a609f4489bb37ce33ea1ce975bb2b3ab160 Mon Sep 17 00:00:00 2001
From: Hongli Lai (Phusion) <hongli at phusion.nl>
Date: Mon, 6 Jun 2011 13:36:57 +0200
Subject: [PATCH] Document the method for building the Unicorn gem.
Signed-off-by: Hongli Lai (Phusion) <hongli at phusion.nl>
---
HACKING | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git
2007 Oct 26
15
Adding see_other method to ActionController
303 (See Other) is the status code a resource returns to tell the
client about the new resource it just created (typically after a
POST). 301/302 is the status code some servers return to tell the
browser where to go next. It works because browsers ignore the
distinction and treat all three status codes the same way, and few
people understand the difference. But when developing an application
2008 Jul 09
3
CookieOverflow - 4k Session?
Hello all,
I get the following error when I stuff my session with more than 4k of
data.
CGI::Session::CookieStore::CookieOverflow
My problem is that I obviously need a fatter session.
How do other users by-pass the 4k restriction on session variables?
Regards,
John
2008 Jan 08
3
Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
Can I get some +1s for this tiny patch? It fixes
ActiveRecordHelper::form, which is broken by default in new
applications created with Rails 2.0.
http://dev.rubyonrails.org/ticket/10739
Jeremy
2008 Apr 02
1
facebooker plugin!?
I'm trying to create a facebook application but I have no success. I
either get one of those two errors depending on which revision of the
plugin I use:
CGI::Session::CookieStore::TamperedWithCookie (Using plugin from directory)
or
ActionView::TemplateError (Session key invalid or no longer valid)
(Using plugin from a week ago or so).
Has anyone successfully gotten an app that as to
2009 Apr 20
1
Upgrading rails to 2.3.2 - CookieOverflow issue
Folks,
I am trying to upgrade system from rails 1.3.x to 2.3.2 and getting
this error -
Status: 500 Internal Server Error
ActionController::Session::CookieStore::CookieOverflow
/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/session/cookie_store.rb:102:in `call'
/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/reloader.rb:9:in
2009 May 20
1
Problem on rack_setup
I'm having problems trying to set up facebooker on a Rails 2.3.2
project using :active_record_store for cookies. The problem happens
because of this commit:
http://github.com/mmangino/facebooker/commit/308770447db06433e505aaf27db2614cee213cc2
That code is trying to add the Rack::Facebook to the dispatch chain
after ActionController::RewindableInput or