29 Dec '12, 3pm

#OWASP [Rails] Re: CSRF tokens for mobile apps | Ruby on Rails

Hey Jim, don't be a jerk, especially when your answer is wrong. Using <%= form_authenticity_token %> doesn't work because you don't have a server to dynamically insert content into HTML, as an app is static and packaged on the client device (iPhone/iPad). CSRF should not be a possible attack inside of an app. Your session is isolated to the app and cross domain origin policies in the browser will prevent the attack. Also, since you are using an app, you can implement sessions without the use of cookies entirely.

-- Posted via http://www.ruby-forum.com/

Full article: http://netrubyonrails.blogspot.com/2012/12/rails-re-csrf-...
