26 Jun '12, 6pm

ASCIIcast 358 - Brakeman

Brakeman has given this error a weak confidence, so it may not be a problem, but it’s a good idea to investigate it anyway so that we’re sure. The documentation on Redirect warnings has more details about this type of vulnerability. If we redirect based on the value of a user-supplied parameter then we can be subject to phishing attacks. An evil site could be set up that looks identical to ours, and the owners of that site could use this vulnerability to redirect from our site to theirs. If someone signs in through our application and is redirected to the evil site, they could be prompted to enter their password again. To protect our site from this vulnerability we can use the :only_path option in our redirect, which will require that the redirect takes place only within our application. In our application’s SessionsController we redirect based on the value of a session v...

Full article: http://railscasts.com/episodes/358-brakeman?language=en&v...
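The rule that :only_path is meant to enforce, written out as plain Ruby so it can be read and run without a Rails application. This is an added example, not the episode's code or Brakeman's: the helper name safe_return_path and the sample targets are constructed here to show which stored return values are kept as in-application paths and which fall back to the site root.

```ruby
require "uri"

# Constructed sample values for what a stored return target (such as
# session[:return_to] in the episode) might contain, paired with the
# path the helper should hand to the redirect. Not taken from the episode.
SAMPLE_TARGETS = {
  "/articles/42"              => "/articles/42",
  "/articles?page=2#top"      => "/articles?page=2#top",
  "http://evil.example/login" => "/",   # absolute URL to another host
  "//evil.example/login"      => "/",   # protocol-relative URL, also off-site
  "javascript:alert(1)"       => "/",   # non-http scheme
  "/\\evil.example"           => "/",   # backslash form some browsers treat as a host
  "articles/42"               => "/",   # no leading slash: ambiguous, so reject
  nil                         => "/",
  ""                          => "/",
}

# Reduce a stored return target to a path inside this application, or fall
# back to the root. Anything that carries a scheme or a host would send the
# user to another site, which is exactly the phishing case described above.
def safe_return_path(target, fallback: "/")
  return fallback if target.nil? || target.strip.empty?

  uri = URI.parse(target.strip)
  # A scheme or host means an absolute or protocol-relative URL: reject it.
  return fallback if uri.scheme || uri.host

  path = uri.path.to_s
  # Require exactly one leading slash; "//" and "/\" are read as host-relative.
  return fallback unless path.start_with?("/")
  return fallback if path.start_with?("//") || path.start_with?("/\\")

  # Rebuild from parsed components so only path, query and fragment survive.
  rebuilt = path.dup
  rebuilt << "?#{uri.query}" if uri.query
  rebuilt << "##{uri.fragment}" if uri.fragment
  rebuilt
rescue URI::InvalidURIError
  # Unparseable input (for example, a backslash) is never a safe destination.
  fallback
end

# Run every constructed sample through the helper; true when all agree.
def all_samples_pass?
  SAMPLE_TARGETS.all? { |input, expected| safe_return_path(input) == expected }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_TARGETS.each_key do |input|
    puts "#{input.inspect.ljust(30)} -> #{safe_return_path(input)}"
  end
end
```

In a controller the call would then be redirect_to safe_return_path(session[:return_to]) rather than redirecting to the stored value directly; the helper never returns anything with a scheme or host, so the redirect cannot leave the application.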


Episode 358: Brakeman


Jun 15, 2012 | 8 minutes | Tools, Security

The Brakeman gem will scan the Ruby code of a Rails application and alert you ...