aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
Commit message (Collapse)AuthorAgeFilesLines
...
* Don't convert empty arrays to nils when deep munging paramsChris Sinjakli2014-12-151-4/+4
|
* Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]Javier Vidal2014-11-221-1/+1
| | | | | | | | | | The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
* [ci skip] re-worded section on CookieStore to make it more readable.Tom Kadwill2014-08-161-3/+3
|
* Point to rubygems instead of Rails GitHub. [ci skip]Rafael Mendonça França2014-08-151-1/+1
| | | | The rails repository is not the official plugin anymore
* Fixed link for in_place_editor [ci skip]Arun Agrawal2014-08-151-1/+1
| | | | closes #16512
* correct markdown usage [ci skip]Nishant Modak2014-07-091-6/+6
|
* remove rubyforge.org that was shut down [ci skip]Gaurav Sharma2014-06-061-1/+1
|
* Replace first person point of view on guides.Hendy Tanata2014-05-161-7/+7
| | | | [skip ci]
* [ci skip] Security guide clarity.Kyle Heironimus2014-05-011-2/+2
|
* Remove statement assuming coffee shop/public space wifi is inherently insecureNick Quaranto2014-04-191-1/+1
|
* Include default rails protect_from_forgery with: :exceptionPaulL12014-04-171-4/+4
| | | | | | Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception Minor wording changes to align.
* CSRF protection should rescue exception not extendPaulL12014-04-171-3/+2
| | | | | I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that.
* [ci skip] Use plain underscore instead of "\_".Juanito Fatas2014-04-131-2/+2
|
* W3C CSP document moved to gihub.io URL [ci skip]Andy Callaghan2014-04-051-1/+1
| | | The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
* [ci skip] use secrets.secret_key_base instead of config.secret_key_baseKuldeep Aggarwal2014-03-011-3/+10
| | | | use secrets.yml instead of secret_token.rb
* Add verb to sanitization noteDave Jachimiak2014-02-141-1/+1
|
* Log which keys were set to nil in deep_mungeLukasz Sarnacki2014-01-281-0/+43
| | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
* clean up security guide: his => their [ci skip]Rex Feng2014-01-161-1/+1
|
* [ci skip] Added alias to CSRFUday Kadaboina2014-01-141-2/+2
|
* CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-3/+5
| | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-6/+6
|
* Use genderless pronouns in security guide. [ci skip]Vipul A M2013-12-021-18/+18
| | | | related #49ff20d9b164693ed7fee880b69cc14b141678b3
* Update security.mdAdam2013-11-081-1/+1
| | | | | | Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications"
* incorrect urlSergio2013-09-161-1/+1
| | | incorrect url
* incorrect urls Sergio2013-09-161-2/+2
| | | I've found two incorrects urls for adding ':' at the end of the url
* surplus : in attachment_fu pluginSergio2013-09-151-1/+1
| | | surplus ':' character in url
* Improves a sentence in guides/securityHannes Fostie2013-09-091-1/+1
| | | | Changed "... books make this wrong" to "... books get this wrong"
* cleans the guides sources from fancy non-ASCII stuffXavier Noria2013-08-231-22/+22
|
* remove language about configuring digest method [ci skip]Justin George2013-07-311-1/+1
|
* update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵Justin George2013-07-301-1/+1
| | | | SignedCookieStore [ci skip]
* Remove double spaces in guidesSunny Ripert2013-05-281-2/+2
|
* Simple grammar updatesJonathan Roes2013-05-031-2/+2
|
* Fix typo "can exploited" with "can be exploited"Leo Gallucci2013-05-011-1/+1
|
* Ruby On Rails -> Ruby on Rails [ci skip]Xavier Noria2013-04-161-1/+1
|
* ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer ↵sthollmann2013-03-271-1/+1
| | | | available at the previous location
* Remove mass-assignment line from guide summaryAndrew Wilcox2013-01-251-1/+0
|
* PUT => PATCH or PUTAkira Matsuda2013-01-021-1/+1
|
* Updated security guide to reference secret_key_base instead of secret_token, ↵Gary S. Weaver2012-12-211-3/+3
| | | | with a little information about the change from CookieStore to EncryptedCookieStore.
* Updated security guide with information about secret_token.rb and to suggest ↵Gary S. Weaver2012-12-211-7/+11
| | | | securing sensitive files like database.yml and secret_token.rb
* remove Mass Assignment reference from Security Guide [ci skip]Francesco Rodriguez2012-12-101-1/+0
|
* Security Guide: removing Mass Assignment.Steve Klabnik2012-12-081-135/+0
| | | | | | Since mass assignment doesn't exist anymore, we don't need to discuss it. I checked with @fxn last night before making this change.
* update guides to use _action callbacks [ci skip]Francesco Rodriguez2012-12-071-1/+1
|
* Normalize on 'After reading this guide, you will know:'Steve Klabnik2012-11-291-1/+3
| | | | | We have three or four different introduction sentences to the guides. After this commit, we use the same one everywhere.
* Add periods to the bullet points in guides.Steve Klabnik2012-11-291-7/+7
| | | | Talked with @fxn about this. Bullet points should have periods at the ends.
* use em-dashes instead of two minuses in guidesburningTyger2012-11-101-2/+2
|
* migrating guides to new hash syntaxAvnerCohen2012-10-101-13/+13
|
* Make strong_parameters example simplerGuillermo Iguaran2012-09-301-4/+5
|
* update Security guide to reflect mass assignment protection with ↵Francesco Rodriguez2012-09-241-58/+79
| | | | StrongParameters [ci skip]
* Fix the usage of `*` in MarkdownPrem Sichanugrist2012-09-171-7/+7
| | | | | In Textile `*` would convert to `<strong>`, but in Markdown we have to use `**` instead.
* Fix remaining formatting problems in the guidePrem Sichanugrist2012-09-171-78/+79
|