All posts tagged ruby on rails

Ruby on Rails WebDAV Tutorial


Ever wanted a Devise-authenticated, per-user chroot’d WebDAV implementation for your Ruby on Rails application? Well, I created one for a client and wrote a tutorial about it on GitHub! Check it out:

Rails 3 WebDAV Tutorial with Custom Resources, Authentication with Devise, and User Specific Routing

The great gem DAV4Rack and its creator Chris Roberts deserve a huge shout-out.

Note: The tutorial is part of a Wiki and is subject to change.

Update: I built a sample app for this, and it is available on GitHub: github.com/bryanrite/dav4rack-example-devise-subdirectories

Ruby on Rails CookieStore Security Concerns: Lifetime Pass


The CookieStore session storage in Ruby on Rails is not new; in fact, it has been the default session store since Rails 2.0. Since then, there have been countless blog posts and forum threads discussing various security concerns versus a server-side store (ActiveRecordStore, Memcache, SqlStore, etc.). They all seem to miss an important point: by default, a stolen cookie gives the thief a lifetime pass to a user account!

I will explain how this happens and some steps you can implement to mitigate it.
