04 Nov '17, 2pm

Ruby on Rails bottom up security – mass assignment https://t.co/T13OJRu69s

Mass assignment is a security risk where a user can create or update data attributes that they are not allowed to update. Here is an example. Imagine an application that registers your employees' working hours. When a user logs in, it sets the start time, and when the user logs out, it sets the end time. Pretty simple feature. The user login form has username and password input fields. Imagine that a user can tamper with their login timestamp using the login request. How? Your employee's friend is a skillful tester who knows how to send a POST request using the Postman tool. Using Chrome developer tools, he/she finds out the login attributes and then tries to guess the login timestamp attribute: createtime, logintime, login_time, create_time, … Those names, set with date values in the past (he/she wants his friend to work less), are sent using curl (no need to know the cookie!). The heuristic to know when the correct time attribute is guessed is very si...

Full article: https://blog.tentamen.eu/ruby-on-rails-bottom-up-security...

Tweets

Ruby on Rails Software Engineer

technojobs.co.uk 04 Nov '17, 10am

Ruby on Rails Software Engineer/Cape Town/Salary negotiable Ruby on Rails Software Engineer/Cape Town/Salary negotiable Ou...

TaxJar: Ruby on Rails Developer

weworkremotely.com 08 Nov '17, 2pm

TaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 10,00...

Ruby on Rails and Socket.io guru by darianpoh

freelancer.com 09 Nov '17, 9am

socket.io push notification android , socket.io notification tutorial , node.js socket.io push notifications , socket.io r...

Toptal LLC: Ruby on Rails Developer

weworkremotely.com 07 Nov '17, 1pm

We are looking for a Ruby on Rails developer to be responsible for managing the interchange of data between the server and...

Software Developer Ruby on Rails | GARAIO AG

garaio.com 07 Nov '17, 5pm

Software Developer Ruby on Rails (m/f) Wanted: Smart minds for refreshing software solutions to strengthen the GARAI...

RAILS ROOT - CONNECTING RAILS DEVELOPERS

rubyflow.com 06 Nov '17, 7am

The Ruby and Rails community linklog Made a library? Written a blog post? Found a useful tutorial? Share it with the Rub...

decidim (0.7.2): Citizen participation framewor...

rubygems.org 07 Nov '17, 9am

RubyGems.org is the Ruby community’s gem hosting service. Instantly publish your gems and then install them . Use the API ...

Why Businesses Prefer Ruby on Rails and Tips to Hire Ruby on Rails Developer

blog.andolasoft.com 10 Nov '17, 9am

Lots of questions in your mind or you must be getting into a brain-storming session with your technology professionals to ...

We @farmdrop are #hiring a #Ruby Developer in L...

angel.co 07 Nov '17, 4pm

Farmdrop is growing quickly. We're looking for a talented, experienced, sensible and creative Ruby Developer to help lead ...

Ruby on Rails color picker by wmitbrodt

freelancer.com 04 Nov '17, 1am

add facebook connect ruby rails , add calendar ruby rails , ruby rails add facebook timeline , ruby rails add facebook con...

Node.js vs Ruby on Rails: Which Is the Best for...

route.overnewser.com 05 Nov '17, 11pm

Node.js vs Ruby on Rails: Which Is the Best for Web Development? - DZone Web Dev A comparative look at two of the most pop...

Preventing security issues in Rails

rubyflow.com 01 Nov '17, 5am

The Ruby and Rails community linklog Made a library? Written a blog post? Found a useful tutorial? Share it with the Rub...

Senior Ruby on Rails Developer: RightLabs Inc. ...

eluta.ca 10 Nov '17, 4am

Senior level Ruby on Rails developer wanted to lead the development of a rapidly growing new product. We have thousands of...

Need High Skilled Ruby on Rails Expert by Wangx...

freelancer.com 09 Nov '17, 7pm

ruby on rails expert for freelancers , need help with ruby on rails , need ruby rails programmer , ruby ruby rails expert ...