[LRUG] Rails 3 not logging HTTPS requests
jramirez at aspgems.com
Wed Apr 4 09:52:13 PDT 2012
> Running the whole site under https is a solution, but they asked me to
> 'protect' only a couple of controllers. I am not using a gem, I am
> using this in ApplicationController
Just be aware in that case your application would be vulnerable to
session stealing by intercepting your cookie (via firesheep, for
example) unless you are using the cookie only on the safe actions and
you mark it as secure only.
..i do ruby on rails development in madrid, spain, at
javier ramirez's home page (http://javier-ramirez.com)
javier ramirez's blog (http://formatinternet.com)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Chat