aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
Commit message (Collapse)AuthorAgeFilesLines
* Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+43
| | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* clean up security guide: his => their [ci skip]Rex Feng2014-01-161-1/+1
|
* [ci skip] Added alias to CSRFUday Kadaboina2014-01-141-2/+2
|
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-3/+5
| | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-6/+6
|
* Use genderless pronouns in security guide. [ci skip]Vipul A M2013-12-021-18/+18
| | | | related #49ff20d9b164693ed7fee880b69cc14b141678b3
* Update security.mdAdam2013-11-081-1/+1
| | | | | | Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications"
* incorrect urlSergio2013-09-161-1/+1
| | | incorrect url
* incorrect urls Sergio2013-09-161-2/+2
| | | I've found two incorrects urls for adding ':' at the end of the url
* surplus : in attachment_fu pluginSergio2013-09-151-1/+1
| | | surplus ':' character in url
* Improves a sentence in guides/securityHannes Fostie2013-09-091-1/+1
| | | | Changed "... books make this wrong" to "... books get this wrong"
* cleans the guides sources from fancy non-ASCII stuffXavier Noria2013-08-231-22/+22
|
* remove language about configuring digest method [ci skip]Justin George2013-07-311-1/+1
|
* update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵Justin George2013-07-301-1/+1
| | | | SignedCookieStore [ci skip]
* Remove double spaces in guidesSunny Ripert2013-05-281-2/+2
|
* Simple grammar updatesJonathan Roes2013-05-031-2/+2
|
* Fix typo "can exploited" with "can be exploited"Leo Gallucci2013-05-011-1/+1
|
* Ruby On Rails -> Ruby on Rails [ci skip]Xavier Noria2013-04-161-1/+1
|
* ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer ↵sthollmann2013-03-271-1/+1
| | | | available at the previous location
* Remove mass-assignment line from guide summaryAndrew Wilcox2013-01-251-1/+0
|
* PUT => PATCH or PUTAkira Matsuda2013-01-021-1/+1
|
* Updated security guide to reference secret_key_base instead of secret_token, ↵Gary S. Weaver2012-12-211-3/+3
| | | | with a little information about the change from CookieStore to EncryptedCookieStore.
* Updated security guide with information about secret_token.rb and to suggest ↵Gary S. Weaver2012-12-211-7/+11
| | | | securing sensitive files like database.yml and secret_token.rb
* remove Mass Assignment reference from Security Guide [ci skip]Francesco Rodriguez2012-12-101-1/+0
|
* Security Guide: removing Mass Assignment.Steve Klabnik2012-12-081-135/+0
| | | | | | Since mass assignment doesn't exist anymore, we don't need to discuss it. I checked with @fxn last night before making this change.
* update guides to use _action callbacks [ci skip]Francesco Rodriguez2012-12-071-1/+1
|
* Normalize on 'After reading this guide, you will know:'Steve Klabnik2012-11-291-1/+3
| | | | | We have three or four different introduction sentences to the guides. After this commit, we use the same one everywhere.
* Add periods to the bullet points in guides.Steve Klabnik2012-11-291-7/+7
| | | | Talked with @fxn about this. Bullet points should have periods at the ends.
* use em-dashes instead of two minuses in guidesburningTyger2012-11-101-2/+2
|
* migrating guides to new hash syntaxAvnerCohen2012-10-101-13/+13
|
* Make strong_parameters example simplerGuillermo Iguaran2012-09-301-4/+5
|
* update Security guide to reflect mass assignment protection with ↵Francesco Rodriguez2012-09-241-58/+79
| | | | StrongParameters [ci skip]
* Fix the usage of `*` in MarkdownPrem Sichanugrist2012-09-171-7/+7
| | | | | In Textile `*` would convert to `<strong>`, but in Markdown we have to use `**` instead.
* Fix remaining formatting problems in the guidePrem Sichanugrist2012-09-171-78/+79
|
* Convert image tags to Markdown syntaxPrem Sichanugrist2012-09-171-2/+2
|
* Convert all the links into Markdown formatPrem Sichanugrist2012-09-171-31/+31
|
* Convert all inline codes to Markdown syntaxPrem Sichanugrist2012-09-171-28/+28
|
* Convert inline code tags to MarkdownPrem Sichanugrist2012-09-171-4/+4
|
* Convert heading tags and heading sectionPrem Sichanugrist2012-09-171-61/+72
|
* Convert code blocks into GFM stylePrem Sichanugrist2012-09-171-147/+147
|
* Rename the rest of the guides to MarkdownPrem Sichanugrist2012-09-171-0/+1070