Hi!

Turn on protect_from_forgery inside the controller. That will give you protection from
CSRF attacks... enjoy!

Sample code

class Foo < ApplicationController
         # Enable Rails' built-in CSRF (authenticity token) check for this controller
         protect_from_forgery

         # ... other controller stuff ...
end





On Fri, Nov 6, 2009 at 2:47 AM, tim <[email protected]> wrote:

> Hey All.
>
> We recently had a security audit done that raised an issue in regards to the
> lack of CSRF protection in activescaffold.
>
> What mechanisms are in place to prevent this, and what steps do we need to
> take to enable or use this feature?
>
>
> We are using rails 2.3.4
>
> Thanks.
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "ActiveScaffold : Ruby on Rails plugin" group.
> To post to this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/activescaffold?hl=en.
>
>
>
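
What the one-line declaration in the reply enforces, shown as an added example that is not part of the original thread and is not Rails' own code: a simplified, framework-free Ruby model of the per-session authenticity token check. The names ForgeryGuard, verify! and demo are hypothetical, and the sample requests are constructed.

```ruby
require 'securerandom'

# Simplified model of a synchronizer-token CSRF check.
# Hypothetical names throughout; this is not Rails source code.
class InvalidAuthenticityToken < StandardError; end

class ForgeryGuard
  SAFE_METHODS = %w[GET HEAD].freeze

  # session: a Hash standing in for the server-side session store.
  def initialize(session)
    @session = session
  end

  # Token embedded as a hidden field in every form rendered for this session.
  def form_token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Raises unless a state-changing request carries the session's token.
  def verify!(http_method, params)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)
    supplied = params['authenticity_token'].to_s
    raise InvalidAuthenticityToken unless secure_compare(form_token, supplied)
    true
  end

  private

  # Constant-time comparison so the check does not leak matching prefixes.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample requests against one session.
def demo
  guard = ForgeryGuard.new({})
  own = guard.verify!('POST', 'authenticity_token' => guard.form_token)
  forged = begin
    guard.verify!('POST', 'id' => '7') # no token: all a cross-site form can send
  rescue InvalidAuthenticityToken
    :rejected
  end
  { get: guard.verify!('GET', {}), own_form: own, cross_site: forged }
end
```

GET requests pass without a token in this model, so the protection only holds if GET actions never change state.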
