Sessions

I’m an experienced programmer, but new to Rails.

I would like to echo an unanswered question I’ve recently read
elsewhere.

Can any recommend an overview of get/post, cookies, sessions, etc.,
and how Ruby on Rails interacts with all of this?

I’m interested in understanding how to harden a Rails application

Regards

Dave

Read “Agile Development with Rails” by the God of Rails, David Heinemeier
Hansson. Or anything he has written. Doesn’t get any better.

2009/11/11 Dave E. [email protected]

On Wed, Nov 11, 2009 at 1:00 AM, Dave E. [email protected] wrote:

> Can any recommend an overview of get/post, cookies, sessions, etc.,
> and how Ruby on Rails interacts with all of this?

I would start by reading the HTTP RFC(s).


Hassan S. ------------------------ [email protected]
twitter: @hassan

Dave E. wrote:

> I’m an experienced programmer, but new to Rails.
>
> I would like to echo an unanswered question I’ve recently read
> elsewhere.
>
> Can any recommend an overview of get/post, cookies, sessions, etc.,
> and how Ruby on Rails interacts with all of this?
>
> I’m interested in understanding how to harden a Rails application

Do you need to? The framework already plugs a lot of common loopholes
(provided the app doesn’t do stupid things). See if Rails is already
doing what you need.

Also check out http://www.rorsecurity.info .

> Regards
>
> Dave

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]

In message [email protected], Kemal Pince [email protected] writes

> Read “Agile Development with Rails” by the God of Rails, David Heinemeier
> Hansson. Or anything he has written. Doesn’t get any better.

Thanks, yes I’ve read chapter 26: Securing Your Rails Application.

In message [email protected], Hassan Schroeder [email protected] writes

> I would start by reading the HTTP RFC(s).

Yes

In message [email protected], Marnen Laibow-Koser [email protected] writes

> Dave E. wrote:
>
>> I’m interested in understanding how to harden a Rails application
>
> Do you need to? The framework already plugs a lot of common loopholes
> (provided the app doesn’t do stupid things). See if Rails is already
> doing what you need.

Of course

> Also check out http://www.rorsecurity.info .

Thanks

I’ve now downloaded the book, too

http://www.owasp.org/index.php/File:Owasp-rails-security.pdf

Regards

Dave