06 Feb '12, 7pm

Just going to leave this here: Rails Security Guide

The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example:

<script>
document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9...

Full article: http://guides.rubyonrails.org/security.html

Tweets

Ruby on Rails developer: AVI Solutions from Ind...

workingwithrails.com 06 Feb '12, 8pm

AVI Solutions is one of the leading IT companies across the globe. We have created a niche for ourselves in the field of web ...

More on Ruby internals

rubyflow.com 07 Feb '12, 5pm

Posted by patshaughnessy on February 07, 2012 — 0 comments Two weeks ago I wrote about My first impression of Rubinius int...

Ruby Trick Shots - a screencast of Ruby tricks ...

rubyflow.com 07 Feb '12, 5pm

Ruby Trick Shots - a screencast of Ruby tricks and techniques Posted by PeterCooper on February 07, 2012 — 0 comments I'm ...

Sidekiq - simple, efficient message processing ...

rubyflow.com 06 Feb '12, 9pm

Sidekiq - simple, efficient message processing for Rails Posted by mperham on February 06, 2012 — 0 comments Sidekiq is my...

SGEntrepreneurs: Coworkify is one app to connect all co-working spaces

sgentrepreneurs.com 07 Feb '12, 7am

Coworkify is one app to connect all co-working spaces February 7, 2012 by Terence LEE Imagine a world where all co-working...

Looking for ocean-friendly sushi? There's an app for that - #behappyfish

davidsuzuki.org 05 Feb '12, 7pm

I don't know about you but I can't recite species origin and fishing method by memory. And Googling every menu item before...

Put Your Taproot Into the Independent Web

battellemedia.com 04 Feb '12, 5am

This article - Early Facebook App Causes Is Being Reborn As A Polished Web Site For Good – caught my eye as I was...

SG Florist iPhone/iPad App « Blog

lesterchan.net 07 Feb '12, 12am

Shopping has become so much faster and easier when you order flowers and gifts on-the-go with the SG Florist mobile app A...

[AOTW] App Of The Week: Wander: Came across thi...

greatdeals.com.sg 31 Jan '12, 3pm

Weekly Guides – When you first sign up, you will be matched up with someone from another country and both parties start sh...

Ruby5

ruby5.envylabs.com 08 Feb '12, 9am

February 3rd, 2012 See who's in the office with snitch, generate api docs from your rspec suite, learn some cool vim trick...

Google Bouncer Security Tool Fights Android Malware

searchenginewatch.com 07 Feb '12, 8pm

Google has shed new light on Bouncer, a security system it credits with slowing the spread of malware on its Android platf...

My friend got food poisoning at Melt. Check out...

hungrygowhere.com 07 Feb '12, 4am

My friend had decided to book the Melt for one of our gatherings for 16 ppl on 28th Jan 12. He had used HGW as a guide and...

[BLOGPOST] Twitter: A Guide Through The Settings

domain.me 28 Jan '12, 9pm

Recently, we published a Twitter terminology guide for everyone who isn’t on the Twitter bandwagon yet. Now we’ll take a l...

A guide to PayPal alternatives in Asia

sgentrepreneurs.com 28 Jan '12, 2pm

A guide to PayPal alternatives in Asia January 28, 2012 by Terence LEE Globally, PayPal is the dominant online payment sol...

Rails

guides.rubyonrails.org 17 Feb '12, 9am

These are the new guides for Rails 3.2 based on v3.2.1 . These guides are designed to make you immediately productive with...