[LRUG] Rails 3 not logging HTTPS requests
javier ramirez
jramirez at aspgems.com
Wed Apr 4 09:52:13 PDT 2012
Hi,
> Running the whole site under https is a solution, but they asked me to
> 'protect' only a couple of controllers. I am not using a gem, I am
> using this in ApplicationController
Just be aware in that case your application would be vulnerable to
session stealing by intercepting your cookie (via firesheep, for
example) unless you are using the cookie only on the safe actions and
you mark it as secure only.
--
javier ramírez
..i do ruby on rails development in madrid, spain, at
http://www.aspgems.com
javier ramirez's home page (http://javier-ramirez.com)
<http://javier-ramirez.com>
javier ramirez's blog (http://formatinternet.com)
<http://formatinternet.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20120404/e76d2c33/attachment-0003.html>
More information about the Chat
mailing list