24 Nov '13, 8am

Rails cookies are dangerous

Turns out, Rails cookies can be dangerous and they don't play nice with others. Signed and encrypted cookies (sessions, remember me, etc.) are serialized using Marshal, which is problematic for two reasons: security (someone with the session key can execute arbitrary code server side) and compatibility (you can't share a session with a non-Ruby app). You can't currently change Rails' default serializer, but here is a monkey patch for Rails 4. And here is a discussion about changing Rails' default serializer. Please consider helping with the pull request the Rails team wants us to come up with.

Full article: http://www.rubyflow.com/items/10117-rails-cookies-are-dan...
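
The serializer risk described above, as an added example that is not from the original post or from Rails: a constructed signed-cookie codec shows that once the HMAC verifies, Marshal rebuilds whatever object type the cookie names, while a JSON serializer returns only plain data. `SignedCookie`, `JsonSerializer`, `Marker`, the "data--hmac" layout and the secret are hypothetical names and sample values.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed signed-cookie codec ("data--hmac"); an assumption, not Rails' code.
class SignedCookie
  def initialize(secret, serializer)
    @secret = secret
    @serializer = serializer # any object responding to dump/load
  end

  def encode(value)
    data = Base64.strict_encode64(@serializer.dump(value))
    "#{data}--#{sign(data)}"
  end

  # Returns nil unless the HMAC verifies; only then is the payload deserialized.
  def decode(cookie)
    data, mac = cookie.to_s.split("--", 2)
    return nil unless data && mac && secure_equal?(mac, sign(data))
    @serializer.load(Base64.strict_decode64(data))
  end

  private
  def sign(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, data)
  end

  def secure_equal?(a, b) # constant-time comparison of the two hex digests
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# JSON.parse yields only hashes, arrays, strings, numbers, booleans and nil.
module JsonSerializer
  def self.dump(value); JSON.generate(value); end
  def self.load(text); JSON.parse(text.dup.force_encoding("UTF-8")); end
end

Marker = Struct.new(:note)         # hypothetical: stands in for any app class
SECRET = "constructed-demo-secret" # sample value, not a real key
SESSION = { "user_id" => 42, "obj" => Marker.new("hi") }

def round_trip(serializer, signing_secret = SECRET)
  cookie = SignedCookie.new(signing_secret, serializer).encode(SESSION)
  SignedCookie.new(SECRET, serializer).decode(cookie)
end

puts round_trip(Marshal)["obj"].class, round_trip(JsonSerializer)["obj"].class
```

The signature only proves who produced the cookie; with Marshal, the key holder also chooses which classes the server instantiates, so the signing key should be treated as equivalent to code-execution access and rotated accordingly.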
