#OWASP [Rails] Re: CSRF tokens for mobile apps | Ruby on Rails - Hey Jim, don't be a jerk, especially when your ans

[Rails] Re: CSRF tokens for mobile apps | Ruby on Rails

netrubyonrails.blogspot.com 29 Dec '12, 3pm

#OWASP [Rails] Re: CSRF tokens for mobile apps | Ruby on Rails - Hey Jim, don't be a jerk, especially when your ans

Hey Jim, don't be a jerk, especially when your answer is wrong. Using <%= form_authenticity_token %> doesn't work because you don't have a server to dynamically insert content into html as an app is static and packaged on the client device (iPhone/iPad). CSRF should not be a possible attack inside of an app. Your session is isolated to the app and cross domain origin policies in the browser will prevent the attack. Also, since you are using an app you can implement sessions without the use of cookies entirely. -- Posted via http://www.ruby-forum.com/ . -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] . To unsubscribe from this group, send email to [email protected] . For more options, visit https://groups.google.com/gro...

Full article: http://netrubyonrails.blogspot.com/2012/12/rails-re-csrf-...

Tweets

@trh00d » 29 Dec '12, 3pm
RT @Netw0rkSecurity: #OWASP [Rails] Re: CSRF tokens for mobile apps | Ruby on Rails - Hey Jim, don't be a jerk, especially when your ans ... [link]
@Netw0rkSecurity » 29 Dec '12, 3pm
#OWASP [Rails] Re: CSRF tokens for mobile apps | Ruby on Rails - Hey Jim, don't be a jerk, especially when your ans ... [link]