Screencast: 7 Security Tips
Another screencast has been published on Screencasts.com today. This episode describes seven tips for improving the security of Rails applications.
Download links:
Download (22.2 MB, 14:53)
Alternative download for iPod & Apple TV (16.9 MB, 14:53)
Further resources:
- Rails Security Guide
- Full episode source code
Links and source code for the individual examples:
1 Mass Assignment
# script/console
p = Project.find(2)
p.update_attributes(:task_ids => [4])
p.tasks

# models/project.rb
attr_accessible :name, :photo
2 File Uploads
Disabling Script Execution with Apache
# models/project.rb
validates_attachment_content_type :photo, :content_type => ['image/jpeg', 'image/png']
# more security required
3 Filter Log Params
Episode 9: Filtering Sensitive Logs
# application_controller.rb
filter_parameter_logging :password
4 CSRF Protection
Cross-site Request Forgery
Rails authenticity token with jQuery
# application_controller.rb
protect_from_forgery
5 Authorizing Ownership
# projects_controller.rb
def show
  @project = current_user.projects.find(params[:id])
end
6 SQL Injection
SQL Injection
Episode 25: SQL Injection
# projects_controller.rb
def index
  @projects = current_user.projects.all(:conditions => ["name like ?", "%#{params[:search]}%"])
end
7 HTML Injection (XSS)
Cross Site Scripting
Episode 27: Cross Site Scripting
<!-- projects/show.html.erb -->
<%=h task.name %>
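As an added example for tip 3 (not code from the screencast or from Rails itself), the following pure-Ruby script re-implements the matching and recursion behaviour of `filter_parameter_logging :password`, so you can check offline which keys of a request actually end up as `[FILTERED]` in the log. The sample request hash is constructed for the example.

```ruby
# Added example: a stand-alone re-implementation of the behaviour of Rails 2.x
# filter_parameter_logging, so the effect of `filter_parameter_logging :password`
# can be verified without booting a Rails application.
FILTERED = '[FILTERED]'.freeze

# Build a case-insensitive pattern from the filter words. A key is filtered when
# its name merely *contains* a word, so :password also covers
# "password_confirmation" and "old_password".
def filter_pattern(*filter_words)
  Regexp.new(filter_words.map { |w| Regexp.escape(w.to_s) }.join('|'), Regexp::IGNORECASE)
end

# Return a copy of params with sensitive values replaced. Nested hashes and
# arrays are walked, so params[:user][:password] is hidden as well. The
# original hash is left untouched because the request still needs it.
def filter_parameters(params, pattern)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = key.to_s =~ pattern ? FILTERED : filter_parameters(value, pattern)
    end
  when Array
    params.map { |item| filter_parameters(item, pattern) }
  else
    params
  end
end

# The line the development log would show for the request.
def log_line(params, pattern)
  "  Parameters: #{filter_parameters(params, pattern).inspect}"
end

# Constructed sample request, as a sign-up form with a nested project would send it.
SAMPLE_PARAMS = {
  'user' => { 'login' => 'bob', 'password' => 'hunter2', 'password_confirmation' => 'hunter2' },
  'projects' => [{ 'name' => 'demo', 'api_password' => 's3cret' }],
  'search' => 'rails'
}.freeze

if __FILE__ == $0
  puts log_line(SAMPLE_PARAMS, filter_pattern(:password))
end
```

Note that the match is on the key name only: a secret posted under a key such as `pin` or `token` is not covered by `:password` and needs its own filter word.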
Posted on 07.09.2009 at 11:42
