[LRUG] Rails 3 not logging HTTPS requests

javier ramirez jramirez at aspgems.com
Wed Apr 4 09:52:13 PDT 2012


Hi,

> Running the whole site under https is a solution, but they asked me to 
> 'protect' only a couple of controllers. I am not using a gem, I am 
> using this in ApplicationController

Just be aware in that case your application would be vulnerable to 
session stealing by intercepting your cookie (via firesheep, for 
example) unless you are using the cookie only on the safe actions and 
you mark it as secure only.

-- 

javier ramírez

..i do ruby on rails development in madrid, spain, at 
http://www.aspgems.com

javier ramirez's home page (http://javier-ramirez.com) 
<http://javier-ramirez.com>
javier ramirez's blog (http://formatinternet.com) 
<http://formatinternet.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20120404/e76d2c33/attachment-0003.html>


More information about the Chat mailing list