
Episode #280 - June 12th, 2012

Gregg Pollack, Olivier Lacan

Don't get LeakedIn, secure your routes, use your Savon, catch a Tokaido, put your models in a Display Case, and join the Ruby Study Hall.

This episode is sponsored by Code School. Learn by doing with our interactive Courses and weekly CodeTV screencasts for just $25/month.

  • Code School
  • Insecure Passwords
  • Rails Security
  • Savon 1.0
  • Tokaido Update
  • Display Case
  • Ruby Study Hall
  • Ruby5

Techniques to Secure your Rails app

Jeremy Walker recently posted part 1 of his three-part series on techniques to secure your Rails website. He talks about a few ways hackers can manipulate data before it hits your server, how Rails protects us from most of these situations, and how you can protect yourself further. Data manipulation includes things like session hijacking, session fixation attacks, and cross-site request forgery. If you use the “match” keyword in your routes without specifying the HTTP method, the route can be called with a GET request, which doesn't check for an authenticity token.
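The routing point above, as a simplified model in plain Ruby. This is an added example, not code from the episode, from the article, or from Rails itself; `MiniRouter`, `csrf_ok?`, `dispatch`, the path and the token value are hypothetical, and the `via` option only mirrors the Rails route option of the same name.

```ruby
# Simplified model (not Rails code): a route declared with `match` and no
# verb restriction lets a state-changing action be reached by GET, and the
# authenticity-token check is skipped for GET requests.
class MiniRouter
  Route = Struct.new(:path, :action, :verbs)

  def initialize
    @routes = []
  end

  # via: nil    models  match "/x" => "c#a"                   (any verb)
  # via: :delete models match "/x" => "c#a", :via => :delete  (one verb)
  def match(path, action, via: nil)
    verbs = via ? Array(via).map { |v| v.to_s.upcase } : :any
    @routes << Route.new(path, action, verbs)
  end

  def recognize(verb, path)
    @routes.find do |r|
      r.path == path && (r.verbs == :any || r.verbs.include?(verb))
    end
  end
end

# The token is only compared for non-GET requests.
def csrf_ok?(verb, sent_token, session_token)
  verb == "GET" || (!sent_token.nil? && sent_token == session_token)
end

# Returns :executed, :rejected_csrf or :no_route for one request.
def dispatch(router, verb, path, sent_token: nil, session_token: "constructed-token")
  return :no_route unless router.recognize(verb, path)
  csrf_ok?(verb, sent_token, session_token) ? :executed : :rejected_csrf
end

weak = MiniRouter.new
weak.match("/account/delete", "accounts#destroy")                 # weak: any verb

strict = MiniRouter.new
strict.match("/account/delete", "accounts#destroy", via: :delete) # corrected

# Constructed sample requests that carry no authenticity token.
p dispatch(weak,   "GET",    "/account/delete")  # :executed
p dispatch(strict, "GET",    "/account/delete")  # :no_route
p dispatch(strict, "DELETE", "/account/delete")  # :rejected_csrf
```
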

May 24th, 2013

An Intervention for ActiveRecord, Using Gems in RubyMotion, GemConfig, using Nested Attributes with Backbone, Lyricfy (sorry - Chris made me sing!), and a shoutout to Josh Kemp in this RubyLoco-Powered episode of Ruby5.

May 21st, 2013

Easier rules for class structure, ProMotion for RubyMotion, JSON APIs in Rails 4, concurrency with Futuroscope, ActiveRecord help via Searchlight, and internationalization with haml-i18n-extractor.

May 17th, 2013

Today's episode covers a major release for minitest, some JSON standards work, a tutorial on tagging with ActiveRecord and Postgres (plus an Arduino to trigger the spray paint can), a RubyMotion tutorial and a little thing called CoVim that will blow your mind.

May 14th, 2013

From multi to native json, JoyBox hits 1.0, ContextValidations and FormObjects, teaching kids at KidsCodeCamp, Plataformatec gems, tab navigation with Tabulous 2 and Git Real 2 online course.