aboutsummaryrefslogtreecommitdiffstats
path: root/railties/guides/source/security.textile
diff options
context:
space:
mode:
authorLee Reilly <lee@leereilly.net>2011-05-25 13:15:18 -0700
committerLee Reilly <lee@leereilly.net>2011-05-25 13:15:18 -0700
commit1d637d2f4807d806eabb4b518d15e8004b64b9b4 (patch)
tree7948d29511c41ca51ce11e9614743fbedff488d0 /railties/guides/source/security.textile
parent29ff12b738280f1f6a2a669cd49ec83125b04fb4 (diff)
downloadrails-1d637d2f4807d806eabb4b518d15e8004b64b9b4.tar.gz
rails-1d637d2f4807d806eabb4b518d15e8004b64b9b4.tar.bz2
rails-1d637d2f4807d806eabb4b518d15e8004b64b9b4.zip
Typo; changed 'colour' to 'color' & 'analysed' to 'analyzed'
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r--railties/guides/source/security.textile6
1 files changed, 3 insertions, 3 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 1a1339137c..412ded1d0b 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -540,7 +540,7 @@ Most bots are really dumb, they crawl the web and put their spam into every form
Here are some ideas how to hide honeypot fields by JavaScript and/or CSS:
* position the fields off of the visible area of the page
-* make the elements very small or colour them the same as the background of the page
+* make the elements very small or color them the same as the background of the page
* leave the fields displayed, but tell humans to leave them blank
The most simple negative CAPTCHA is one hidden honeypot field. On the server side, you will check the value of the field: If it contains any text, it must be a bot. Then, you can either ignore the post or return a positive result, but not saving the post to the database. This way the bot will be satisfied and moves on. You can do this with annoying users, too.
@@ -567,7 +567,7 @@ h4. Good Passwords
-- _Do you find it hard to remember all your passwords? Don't write them down, but use the initial letters of each word in an easy to remember sentence._
-Bruce Schneier, a security technologist, "has analysed":http://www.schneier.com/blog/archives/2006/12/realworld_passw.html 34,000 real-world user names and passwords from the MySpace phishing attack mentioned <a href="#examples-from-the-underground">below</a>. It turns out that most of the passwords are quite easy to crack. The 20 most common passwords are:
+Bruce Schneier, a security technologist, "has analyzed":http://www.schneier.com/blog/archives/2006/12/realworld_passw.html 34,000 real-world user names and passwords from the MySpace phishing attack mentioned <a href="#examples-from-the-underground">below</a>. It turns out that most of the passwords are quite easy to crack. The 20 most common passwords are:
password1, abc123, myspace1, password, blink182, qwerty1, ****you, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1, and monkey.
@@ -885,7 +885,7 @@ The "moz-binding":http://www.securiteam.com/securitynews/5LP051FHPE.html CSS pro
h5(#css-injection-countermeasures). Countermeasures
-This example, again, showed that a blacklist filter is never complete. However, as custom CSS in web applications is a quite rare feature, I am not aware of a whitelist CSS filter. _(highlight)If you want to allow custom colours or images, you can allow the user to choose them and build the CSS in the web application_. Use Rails' +sanitize()+ method as a model for a whitelist CSS filter, if you really need one.
+This example, again, showed that a blacklist filter is never complete. However, as custom CSS in web applications is a quite rare feature, I am not aware of a whitelist CSS filter. _(highlight)If you want to allow custom colors or images, you can allow the user to choose them and build the CSS in the web application_. Use Rails' +sanitize()+ method as a model for a whitelist CSS filter, if you really need one.
h4. Textile Injection