Part IV. Secure and Deploy Your Application 598
26 Securing Your Rails Application 599
26.1 SQL Injection 599
26.2 Creating Records Directly from Form Parameters 601
26.3 Don't Trust ID Parameters 603
26.4 Don't Expose Controller Methods 604
26.5 Cross-Site Scripting (CSS/XSS) 605
26.6 Avoid Session Fixation Attacks 607
26.7 File Uploads 608
26.8 Don't Store Sensitive Information in the Clear 609
26.9 Use SSL to Transmit Sensitive Information 610
26.10 Don't Cache Authenticated Pages 611
26.11 Knowing That It Works 611
27 Deployment and Production 613
27.1 Starting Early 614
27.2 How a Production Server Works 615
27.3 Comparing Front-End Web Servers 617
27.4 Repeatable Deployments with Capistrano 618
27.5 Setting Up a Deployment Environment 619
27.6 Checking Up on a Deployed Application 625
27.7 Production Application Chores 626
27.8 Moving On to Launch and Beyond 627
Part V. Appendices 629
A Introduction to Ruby 630
A.1 Ruby Is an Object-Oriented Language 630
A.2 Ruby Names 631
A.3 Methods 632
A.4 Classes 634
A.5 Modules 636
A.6 Arrays and Hashes 637
A.7 Control Structures 638
A.8 Regular Expressions 639
A.9 Blocks and Iterators 639
A.10 Exceptions 640
A.11 Marshaling Objects 641
A.12 Interactive Ruby 641
A.13 Ruby Idioms 641
A.14 RDoc Documentation 643
B Configuration Parameters 644
Agile Web Development with Rails