28 Mar '13, 4am

Include the CSRF token every time a POST is sent with jQuery in Rails.

There is a vulnerability in Ruby on Rails which could allow an attacker to circumvent the CSRF protection provided. This vulnerability has been assigned the CVE Identifier CVE-2011-0447. Versions Affected: 2.1.0 and above. Not affected: Applications which don’t use the built in CSRF protection. Fixed Versions: 3.0.4, 2.3.11. Impact: Certain combinations of browser plugins and HTTP redirects can be used to trick the user’s browser into making cross-domain requests which include arbitrary HTTP headers specified by the attacker. An attacker can utilise this to spoof ajax and API requests and bypass the built in CSRF protection and successfully attack an application. All users running an affected release should upgrade or apply the patches immediately. Releases: The 3.0.4 and 2.3.11 releases are available at the normal locations. Upgrade Process: There are two major changes in th...

Full article: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-by...

Tweets

Build your own Ruby and Rails Searchable API Docs

rubyflow.com 28 Mar '13, 7pm

Build your own Ruby and Rails Searchable API Docs Posted by phallstrom on March 28, 2013 — 1 comment If you want a local, ...

@DanielZarick @rbates does.

railscasts.com 03 Apr '13, 3pm

In this first part of a two part series you will learn basic Backbone concepts including models, collections, routers, vie...

Web application in ruby and rails error while r...

ruby-forum.com 29 Mar '13, 6am

Hey all, I'm a newbie to Ruby and Rails, I have an application which is in Ruby Rails, now I am trying to run on this lo...

Rails' Insecure Defaults

rubyflow.com 27 Mar '13, 1pm

Rails' Insecure Defaults Posted by brynary on March 27, 2013 — 0 comments Just published a detailed blog post covering 13 ...

[Rails] / “#400 What's New in Rails 4 - RailsCa...

railscasts.com 04 Apr '13, 1pm

The next major version of Rails is just around the corner and as this is episode 400 it seems like a good time to discuss ...

What’s New in Edge Rails #63: Week of March 25 ...

afreshcup.com 01 Apr '13, 12pm

is Mike Gunderloy's software development weblog, covering Ruby on Rails and whatever else I find interesting in the univer...

How to use the Notification API / “#249 Notifications in ...

railscasts.com 29 Mar '13, 5am

start_processing.action_controller notification: sql.active_record notification: sql.active_record notification: sql.activ...

Raising and Rescuing Custom Errors in Rails

rubyflow.com 27 Mar '13, 9am

Raising and Rescuing Custom Errors in Rails Posted by joshnesbitt on March 27, 2013 — 0 comments Following on from our pos...