User talk:Dbornkessel
From openSUSE
RailsConf 2008
This is just a summary of some things I heard at RailsConf 2008 and found noteworthy. Not all of it was new to me; this is just to remind me.
Security
- Good web pages regarding RoR security: Ruby on Rails Security Project, Open Web Application Security Project (OWASP), Ruby on Rails Security Guide
- sanitize (e.g. strip unwanted HTML from) user input once, before saving it, rather than on every display; HTML escaping at output time is a separate measure (see XSS below)
- functions and find options that are not SQL-injection safe (they take the string you give them verbatim, so never build them from raw user input; use placeholders or sanitize first):
- find_by_sql
- execute
- group_by
- limit (fixed in 2.1)
- offset (fixed in 2.1)
- avoid Cross Site Scripting by either
- using <%=h ... %> instead of <%= ... %> for any user-supplied value (use the safe_erb plugin to find unescaped output), or
- using the XSS shield plugin, which escapes everything by default
- test the security of a Rails app with
- Tarantula: a fuzzing spider that crawls the Rails app and submits fuzzed data into its forms
- a PeepCode security audit (paid)
- a spider test: follows every link, fills out the forms and submits them
- generic stuff (not Rails-specific):
- run chkrootkit regularly
- move sshd to a non-standard port
- write an action plan to be executed when the system is compromised and make sure as many team members as possible can carry it out
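The following is an added Ruby example, written for these notes and not taken from the talk, from Rails, or from any of the plugins named above. It uses small stand-ins for ActiveRecord's quoting and for the Rails 2.1 limit sanitizer (both re-implemented here for illustration, so the function names are assumptions) to show why interpolating user input into find_by_sql/execute is dangerous, why a "?" placeholder is not, why coercing :limit/:offset to integers closes that hole, and what <%=h %> actually does to a value.

```ruby
require 'erb'

# Stand-in for ActiveRecord's value quoting (illustration only, not Rails code):
# strings get single-quoted with embedded quotes doubled, numbers pass through.
def quote_value(value)
  case value
  when NilClass then 'NULL'
  when Numeric  then value.to_s
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Bind "?" placeholders the way :conditions => ["login = ?", login] does.
# Every value is quoted, so user input can never terminate the string literal.
def bind_conditions(template, *values)
  raise ArgumentError, 'placeholder count mismatch' unless template.count('?') == values.size
  vals = values.dup
  template.gsub('?') { quote_value(vals.shift) }
end

# VULNERABLE: plain string interpolation, the find_by_sql / execute anti-pattern.
def find_user_sql_unsafe(login)
  "SELECT * FROM users WHERE login = '#{login}'"
end

# SAFE: same query built through the placeholder binder.
def find_user_sql_safe(login)
  'SELECT * FROM users WHERE ' + bind_conditions('login = ?', login)
end

# Re-implementation of the idea behind Rails 2.1's sanitize_limit (assumption:
# written from memory for illustration): a limit is either an integer or a
# comma-separated pair of integers (MySQL "offset,count" form); everything else
# is thrown away by to_i, so trailing SQL cannot survive.
def sanitize_limit(limit)
  if limit.to_s.include?(',')
    limit.to_s.split(',').map { |i| i.to_i }.join(',')
  else
    limit.to_i
  end
end

def sanitize_offset(offset)
  offset.to_i
end

# What <%=h value %> does in a view: ERB::Util.html_escape (a real stdlib call).
def escape_for_html(value)
  ERB::Util.html_escape(value)
end

if __FILE__ == $0
  # Constructed attacker input for the demonstration.
  login = "' OR '1'='1"
  puts find_user_sql_unsafe(login)   # the WHERE clause now matches every row
  puts find_user_sql_safe(login)     # the quote is doubled, the input stays a literal
  puts sanitize_limit('10; DROP TABLE users')   # 10
  puts sanitize_limit('1,5 UNION SELECT 1')     # 1,5
  puts escape_for_html('<script>alert("x")</script>')
end
```

The two SQL strings printed side by side make the point of the list above: the unsafe variant's WHERE clause becomes `login = '' OR '1'='1'`, while the placeholder version keeps the whole payload inside one quoted literal. Neither the binder nor the limit sanitizer is a substitute for the real ActiveRecord methods; they only show the mechanism.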
... to be continued

