author Jonathan Roes <jroes@jroes.net> 2013-05-03 00:28:06 -0300
committer Jonathan Roes <jroes@jroes.net> 2013-05-03 00:28:06 -0300
commit 2392916eab6ff3c60668dbece09d33dee1bfaa49
tree 53f07f1573ea174098fb26b7bd6b840a14547bc9 /guides
parent bdaaaf6c71ef28b71ea2a6c4356303dddd95e943
Simple grammar updates
Diffstat (limited to 'guides')
-rw-r--r-- guides/source/security.md 4
1 files changed, 2 insertions, 2 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 157cf9b001..f04129acdb 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -58,7 +58,7 @@ WARNING: _Stealing a user's session id lets an attacker use the web application
Many web applications have an authentication system: a user provides a user name and password, the web application checks them and stores the corresponding user id in the session hash. From now on, the session is valid. On every request the application will load the user, identified by the user id in the session, without the need for new authentication. The session id in the cookie identifies the session.
-Hence, the cookie serves as temporary authentication for the web application. Everyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:
+Hence, the cookie serves as temporary authentication for the web application. Anyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:
* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file:
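Review bot: in the added line, the comma after "someone else" still separates the subject ("Anyone who seizes a cookie from someone else") from its verb ("may use"); since this is a grammar pass, drop it so the sentence reads "Anyone who seizes a cookie from someone else may use the web application as this user". The unchanged bullet below has similar leftovers ("this means to _provide a secure connection over SSL_", "always forcing SSL connection") that could be cleaned up in the same commit.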
@@ -942,7 +942,7 @@ Or you can remove them.
config.action_dispatch.default_headers.clear
```
-Here is the list of common headers:
+Here is a list of common headers:
* X-Frame-Options
_'SAMEORIGIN' in Rails by default_ - allow framing on same domain. Set it to 'DENY' to deny framing at all or 'ALLOWALL' if you want to allow framing for all website.
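Review bot: the context line under X-Frame-Options still has two grammar slips this pass could pick up: "to deny framing at all" and "allow framing for all website". Suggest "to deny framing entirely" and "for all websites", so the descriptions of 'DENY' and 'ALLOWALL' are unambiguous for readers choosing a header value.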