Advanced Rails - Building Industrial-Strength Web Apps in Record Time
LDAP | 125 development: host:(ldap server name) port: 389 base:dc=mycompany,dc=com password:my_password production: ... Then, at ...
126 | Chapter 4: Database rescue ActiveLDAP::AuthenticationError return false end end end Authentication is then very simple: Ld ...
127 Chapter 5 CHAPTER 5 Security 5 Given a choice between dancing pigs and security, users will pick dancing pigs every time. —E ...
128 | Chapter 5: Security Let’s examine the reasoning behind this rule. Hashing passwords prevents them from being recovered if ...
Application Issues | 129 def generate_salt(login) Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") end def store_passwor ...
130 | Chapter 5: Security The User model has a virtual attribute for the unencrypted password, so that you can set the password us ...
Application Issues | 131 the environment. You can never, ever trust anything that comes from the client, because the client can ...
132 | Chapter 5: Security statement is bypassed. When we get to the part of the code that contains the secret, $user_id is still ...
Application Issues | 133 Hidden form fields Rails makes simple CRUD (create, read, update, delete) operations on a single model ...
134 | Chapter 5: Security It is perfectly OK to validate data at the client. This is useful because when users make mistakes fil ...
Application Issues | 135 def show @message = Message.find_by_user_id_and_id(current_user.id, params[:id]) end This automatically ...
136 | Chapter 5: Security This is not to say that you should publish your routes and system architecture; there is no need to ai ...
Web Issues | 137 This exception should be caught and logged to the Rails development log, but the client should only see a nice ...
138 | Chapter 5: Security The traditional session storage methods in Rails are server-side; they store all of the session data o ...
Web Issues | 139 exception if either of these are missing. These options can be set alongside other session options in config/e ...
140 | Chapter 5: Security In many cases, this is desirable: a blog will allow users to comment on entries, in some cases adding ...
Web Issues | 141 Whitelisting Instead, whitelisting is a good option. Rick Olson has created a whitelisting plugin, white_list ( ...
142 | Chapter 5: Security Since a browser holding a cookie for the target site will send that cookie with each request, the serv ...
Web Issues | 143 However, cross-site request forgery is not limited to GET requests. There are several ways for an attacker to c ...
144 | Chapter 5: Security You would need some form of path normalization if you wanted to compare these paths. More importantly, ...