30 Apr '12, 8am

Ruby tip of the day: always (regexp) match the beginning and end of strings by /\A … \z/, instead of ^ and
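The reason behind the tip, shown as an added example that is not part of the tweet or the Rails guide: in Ruby regexps `^` and `$` match at the start and end of every line, and `\Z` still accepts one trailing newline, so only `\A … \z` pins a validation to the whole string. The URL check and the three constructed inputs below are this example's own.

```ruby
# Added example (not from the page): anchoring a redirect-target check in Ruby.
# ^ and $ are LINE anchors, so a multi-line value can smuggle a hostile first
# line past a ^...$ check; \Z tolerates a trailing "\n"; \A and \z do not.

WEAK   = /^https?:\/\/\S+$/      # ^ and $ match at every line boundary
LAX    = /\Ahttps?:\/\/\S+\Z/    # \Z still allows one trailing newline
STRICT = /\Ahttps?:\/\/\S+\z/    # \A and \z: the entire string, nothing else

def check_url(re, value)
  re.match?(value)
end

# Constructed inputs: a clean URL, a newline-smuggled payload whose second line
# is a valid URL, and a URL with a trailing newline (a header-injection shape).
CLEAN    = "http://example.com/next"
SMUGGLED = "javascript:alert(1)\nhttp://example.com/next"
TRAILING = "http://example.com/next\n"

# Returns what each anchoring style decides for a value.
def verdicts(value)
  {
    weak:   check_url(WEAK, value),
    lax:    check_url(LAX, value),
    strict: check_url(STRICT, value),
  }
end

if __FILE__ == $PROGRAM_NAME
  { clean: CLEAN, smuggled: SMUGGLED, trailing: TRAILING }.each do |name, value|
    puts "#{name}: #{verdicts(value)}"
  end
end
```

Only the `STRICT` pattern rejects both the smuggled and the trailing-newline inputs; `WEAK` passes all three, which is exactly the hole the tip warns about.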

The attacker creates a valid session id: he loads the login page of the web application where he wants to fix the session and takes the session id from the cookie in the response (see numbers 1 and 2 in the image). He may need to keep that session alive: sessions that expire, for example every 20 minutes, greatly reduce the time-frame for the attack, so he accesses the web application from time to time so that the session does not expire. Now the attacker forces the user's browser into using this session id (see number 3 in the image). Because the same-origin policy prevents a page on one domain from setting a cookie for another domain, the attacker has to run JavaScript from the domain of the target web application; injecting that JavaScript into the application by XSS accomplishes this. Here is an example:
<script>
document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9...
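The three steps above, as an added example that is not the Rails guide's code: a small in-memory session store with an idle timeout, a walkthrough in which the attacker plants a known id and the victim logs in with it, and the fix of issuing a fresh id at login (in Rails, calling `reset_session` after a successful login). The class, method names and fixed clock are this example's own assumptions.

```ruby
require "securerandom"

# Added example (not the Rails guide's code): an in-memory session store that
# models the steps in the text. The names are this example's own; in Rails the
# equivalent of rotate_on_login is calling reset_session after login.
class SessionStore
  def initialize(rotate_on_login:, ttl: 20 * 60)
    @rotate   = rotate_on_login
    @ttl      = ttl          # idle expiry in seconds (20 minutes as in the text)
    @sessions = {}           # session id => { data: {...}, last_seen: Time }
  end

  # Steps 1-2: any request (e.g. fetching the login page) gets an anonymous
  # session; the returned id is what lands in the _session_id cookie.
  def new_session(now: Time.now)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { data: {}, last_seen: now }
    sid
  end

  # Any request with a live id resets its idle timer; this is the attacker
  # "accessing the web application from time to time" to keep the id alive.
  def touch(sid, now: Time.now)
    entry = live(sid, now)
    entry[:last_seen] = now if entry
    !entry.nil?
  end

  # Step 3 (victim side): the victim logs in carrying the planted cookie.
  # Returns the id the response sets; unknown or expired ids are never adopted.
  def login(sid, user, now: Time.now)
    entry = live(sid, now)
    if entry.nil? || @rotate
      @sessions.delete(sid)          # drop the client-supplied id
      sid   = SecureRandom.hex(16)   # issue a fresh one
      entry ||= { data: {}, last_seen: now }
    end
    entry[:data][:user] = user
    entry[:last_seen]   = now
    @sessions[sid]      = entry
    sid
  end

  def user_for(sid, now: Time.now)
    entry = live(sid, now)
    entry && entry[:data][:user]
  end

  private

  # Look up a session, expiring it if it has been idle longer than ttl.
  def live(sid, now)
    entry = @sessions[sid]
    return nil unless entry
    if now - entry[:last_seen] > @ttl
      @sessions.delete(sid)
      return nil
    end
    entry
  end
end

# Walk through the attack on a fixed clock. The attacker obtains an id at t0,
# optionally pings every 10 minutes for an hour, then the victim logs in at
# t0 + 65 min with that id planted in the cookie (the XSS step in the text).
# Returns true if the attacker's id now resolves to the victim's account.
def session_fixation_succeeds?(rotate_on_login:, attacker_keeps_alive:)
  t0    = Time.at(0)
  store = SessionStore.new(rotate_on_login: rotate_on_login)
  attacker_sid = store.new_session(now: t0)
  (1..6).each { |i| store.touch(attacker_sid, now: t0 + i * 600) } if attacker_keeps_alive
  store.login(attacker_sid, "alice", now: t0 + 65 * 60)
  store.user_for(attacker_sid, now: t0 + 66 * 60) == "alice"
end

if __FILE__ == $PROGRAM_NAME
  puts "no rotation, kept alive: #{session_fixation_succeeds?(rotate_on_login: false, attacker_keeps_alive: true)}"
  puts "no rotation, left idle:  #{session_fixation_succeeds?(rotate_on_login: false, attacker_keeps_alive: false)}"
  puts "fresh id at login:       #{session_fixation_succeeds?(rotate_on_login: true,  attacker_keeps_alive: true)}"
end
```

Without rotation the attack works only while the attacker keeps the id alive, which is why the text calls expiry a time-frame reduction rather than a fix; issuing a fresh id at login defeats it regardless of how diligently the attacker pings.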

Full article: http://guides.rubyonrails.org/security.html#regular-expre...

Tweets

Ruby Forum - Italian Ruby user group:

ruby-forum.com 01 May '12, 8pm

Forum: Italian Ruby user group

How to Change Your YouTube Channel’s Main Featured Video [Creator's Tip #36]

reelseo.com 30 Apr '12, 11pm

Video #1 - changing your featured video Hey guys, my name is Tim Schmoyer and welcome to another week of Creator’s Tip whe...

A rapturous Startup Weekend Manila, right to the very end #SWManila #startupweekend

sgentrepreneurs.com 30 Apr '12, 8am

Jerome Punzalan from SpinMeBuddy While the judges huddled for an hour to decide the winners of the second Startup Weekend ...

Major military/civilian exercise set to test Ol...

army.mod.uk 30 Apr '12, 3pm

Preparations aimed at making the 2012 Olympic and Paralympic Games as safe and secure as possible are to be tested this we...

Mad Men: “One day your little girl will spread her legs and fly away.”

purseblog.com 30 Apr '12, 6pm

Do any of you remember the first time that you realized that the world could be a thoroughly disappointing place? I don’t ...

This week's Ruby Weekly features instant, which I wrote :D

rubyweekly.com 26 Apr '12, 1pm

Welcome to issue 90! Be warned, this is a Rails-heavy issue, probably because RailsConf was this week. Still, lots of grea...

Ruby ri Tool: Ruby Study Notes - Best Ruby Guid...

rubylearning.com 11 May '12, 4pm

The ri tool is used to view the Ruby documentation off-line. Open a command window and invoke ri followed by the name of a Ruby c...

The guide to boost your endurance! #running

runaddicts.net 27 Apr '12, 3am

Interested in writing for RunAddicts.net? Get started now! If you’re looking for ways to increase your running endurance, ...

Moving my INGLOT eyeshadows into Z-Palette

retailtherapy.onsugar.com 26 Apr '12, 11am

recently, I immediately thought of fitting all my INGLOT eyeshadows inside. I am sure many of you are no stranger to the Z-...

@jqr

rubyinside.com 01 May '12, 1am

Thanks for the review, Peter. And all the comments that followed. I can't say I am surprised that many Ruby programmers di...

Butch Harmon's new golf instruction DVDs: Not an end-all, but a pretty fair guide

worldgolf.com 24 Apr '12, 1pm

Butch Harmon's new golf instruction DVDs: Not an end-all, but a pretty fair guide By Mike Bailey , Senior Staff Writer Vie...

Ruby on Rails Guides: A Guide to Testing Rails ...

guides.rubyonrails.org 08 May '12, 9am

Testing support was woven into the Rails fabric from the beginning. It wasn’t an “oh! let’s bolt on support for running te...

@AllenJlawson

ruby-lang.org 28 Apr '12, 9pm

Certain members of the Ruby community feel very strongly that you should never use a package manager to install Ruby, and ...

Compiling Ruby: From Text to Bytecode | Engine ...

engineyard.com 21 Apr '12, 10am

The business of executing Ruby code is booming; with so many Ruby environments in development, there are just as many diff...