Ok thanks, I'll consider that. You know, it looks like we may add a 
security-oriented ready-to-use built-in optional feature with very little 
change. 

-f

On Monday, October 1, 2012 3:24:14 PM UTC+2, Piotr Sarnacki wrote:
>
> I would say that this should be implemented as a plugin. As you mentioned, 
> this is something very rare and it seems that it's easy to implement it in 
> a way that users can just drop it in the Gemfile and set needed options.
>
> On Mon, Oct 1, 2012 at 12:13 AM, Fabrizio Regini <free...@gmail.com> wrote:
>
>> Hi everybody, 
>> I stumbled upon this idea today that redirect logs should be filterable, 
>> similarly to what happens for parameters. Maybe it's not a very common 
>> case, but it may happen that your Rails app performs a redirect to a 
>> resource which may be worth keeping secure.
>>
>> The first thing that comes to my mind are S3 HMAC signed resources. Most 
>> of the time those are printed out in HTML, but it may happen to have those 
>> resources served by your Rails app via a redirect. 
>>
>> What do you think about it? 
>>
>> I drafted out a possible solution here: 
>> https://github.com/freegenie/rails/commit/953f393c948e73db7fff34a88520b5c51684cce7
>>
>> Should I open an issue and a pull request for this? 
>>
>> Thanks, 
>>
>> -f
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ruby on Rails: Core" group.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msg/rubyonrails-core/-/R0rRmaUO6VcJ.
>> To post to this group, send email to rubyonra...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> rubyonrails-co...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/rubyonrails-core?hl=en.
>>
>
>
>
> -- 
> Piotr Sarnacki
> http://piotrsarnacki.com
>
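
The filtering idea discussed in this thread, as an added example that is not part of any message here and is not the code in the linked commit: a stand-alone Ruby filter that masks either a whole redirect target or selected query parameters before the "Redirected to" line is written. `RedirectLogFilter`, its options and the sample URL are assumptions made for illustration.

```ruby
require "uri"

# Added illustration; RedirectLogFilter and its options are hypothetical
# names, not the API of the linked commit or of Rails.
class RedirectLogFilter
  FILTERED = "[FILTERED]"

  # url_filters:   Strings (substring) or Regexps; a match hides the whole URL.
  # param_filters: query parameter names whose values are masked.
  def initialize(url_filters: [], param_filters: [])
    @url_filters = url_filters
    @param_filters = param_filters.map { |name| name.to_s.downcase }
  end

  # Returns the text that is safe to write for a redirect to +location+.
  def filter(location)
    return FILTERED if @url_filters.any? { |f| f.is_a?(Regexp) ? f.match?(location) : location.include?(f) }

    uri = URI.parse(location)
    return location if uri.query.nil?

    query = URI.decode_www_form(uri.query).map do |name, value|
      shown = @param_filters.include?(name.downcase) ? FILTERED : URI.encode_www_form_component(value)
      "#{URI.encode_www_form_component(name)}=#{shown}"
    end.join("&")
    fragment = uri.fragment
    uri.query = uri.fragment = nil
    result = "#{uri}?#{query}"
    fragment ? "#{result}##{fragment}" : result
  rescue URI::InvalidURIError, ArgumentError
    FILTERED # fail closed: never log a location that could not be parsed
  end

  def log_line(location)
    "Redirected to #{filter(location)}"
  end
end

# Constructed sample: an S3-style query-string-signed URL with made-up values.
SIGNED_URL = "https://example-bucket.s3.amazonaws.com/reports/q3.pdf" \
             "?Expires=1349100000&Signature=abc%2Fdef%3D"

by_param = RedirectLogFilter.new(param_filters: %w[Signature])
by_host  = RedirectLogFilter.new(url_filters: ["s3.amazonaws.com"])
puts by_param.log_line(SIGNED_URL)
puts by_host.log_line(SIGNED_URL)
puts by_param.log_line("/posts/1")
```

Masking by parameter keeps the host and path visible for debugging, while masking by URL pattern hides the target entirely.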
