author | Nick Quaranto <nick@quaran.to> | 2014-04-19 15:19:09 -0400 |
---|---|---|
committer | Nick Quaranto <nick@quaran.to> | 2014-04-19 15:19:09 -0400 |
commit | 66e5844b9ac3dbacc901d1f6ca59c7476cbe03a1 (patch) | |
tree | 2695272b1883121339e8231d535794c6e4976c02 | |
parent | 6642407c168ecee436cda1c82bfa87e58f7d73fc (diff) | |
Remove statement assuming coffee shop/public space wifi is inherently insecure
-rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 9d7fdb3c6d..0d347c9e4b 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -60,7 +60,7 @@ Many web applications have an authentication system: a user provides a user name Hence, the cookie serves as temporary authentication for the web application. Anyone who seizes a cookie from someone else, may use the web application as this user - with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures: -* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file: +* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. For the web application builder this means to _provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file: ```ruby config.force_ssl = true |
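Review bot: On the rewritten bullet (the `+` line), the countermeasure sentence that survives is still awkwardly worded: "this means to _provide a secure connection over SSL_" and "by always forcing SSL connection in your application config file". Since the line is being touched anyway, consider tightening it in the same commit, for example "Web application builders should _provide a secure connection over SSL_" and "by always forcing an SSL connection". Dropping the coffee shop sentence itself looks right: it was advice to the end user, while the rest of the bullet addresses the application builder, and the preceding sentence about unencrypted wireless LANs already names the condition under which sniffing is easy.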