railscasts.com
26 Jun '12, 6pm
ASCIIcast 358 - Brakeman
Brakeman has given this error a weak confidence so it may not be a problem, but it’s a good idea to investigate it anyway so that we’re sure. The documentation on Redirect warnings has more details about this type of vulnerability. If we redirect based on the value of a user-supplied parameter then we can be subject to phishing attacks. An evil site could be set up that looks identical to ours, and the owners of that site could use this vulnerability to redirect from our site to theirs. If someone signs in through our application and is redirected to the evil site they could be prompted to enter their password again. To protect our site from this vulnerability we can use the :only_path option in our redirect, which will require that the redirect takes place only within our application. In our application’s SessionsController we redirect based on the value of a session v...
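A plain Ruby illustration of the point above, added here and not taken from the episode: a constructed helper that keeps a redirect target inside the application by keeping only the path of the supplied value and discarding anything that names another host, which is the effect the text attributes to the :only_path option, shown beside the trusting version. APP_HOST, the two function names and the sample targets are assumptions.

```ruby
require "uri"

# Constructed example: the hostname our application is served from.
APP_HOST = "example.com"

# Vulnerable form: trusts the user-supplied target as-is, so a value like
# "http://evil.example/login" sends the signed-in user off to another site.
def unsafe_redirect_target(param, fallback = "/")
  param.nil? || param.strip.empty? ? fallback : param
end

# Hardened form: reduce whatever was supplied to a path (plus query) on our
# own application. Targets that name a foreign host, scheme-relative targets
# such as "//evil.example/x", non-URL schemes such as "javascript:", and
# values that do not parse at all collapse to the fallback.
def safe_redirect_target(param, fallback = "/")
  return fallback if param.nil? || param.strip.empty?
  uri = URI.parse(param.strip)
  # A host is only acceptable when it is our own; "//host/path" parses
  # with a host too, so this check covers scheme-relative targets as well.
  return fallback if uri.host && uri.host.downcase != APP_HOST
  path = uri.path.to_s
  # Opaque URIs ("javascript:...", "mailto:...") have no "/" path.
  return fallback unless path.start_with?("/")
  path += "?#{uri.query}" if uri.query
  path
rescue URI::InvalidURIError
  fallback
end
```

Compare the two on the same input: the unsafe version hands back a foreign URL untouched, while the safe one returns "/" for it and "/dashboard?tab=1" for an in-application target.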
Full article:
http://railscasts.com/episodes/358-brakeman?language=en&v...