Re: two security questions

2010-08-12 Thread Magnus Holm
This example worked here:

require 'rubygems'
require 'rack/csrf'
require 'camping'
require 'camping/session'

Camping.goes :Hello

module Hello
  use Rack::Csrf
  include Camping::Session
end

module Hello::Controllers
  class Index
    def get
      # hand back the token Rack::Csrf keeps in the session
      Rack::Csrf.csrf_token(@env)
    end
  end
end

Notice that you'll have to reverse the `use`-lines. Maybe we should
file that as a bug? Since it works the other way both in Rackup files
and Sinatra?

// Magnus Holm

On Wed, Aug 11, 2010 at 21:33, David Susco dsu...@gmail.com wrote:
 Ted,

 Do you use Camping::Session with Rack::Csrf? If so, how did you get it
 to work? Once I include Camping::Session the csrf_token changes every
 time I call the method.

 Can anyone explain what include Camping::Session is actually doing?

 Dave

 On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble t...@tedkimble.com wrote:
 For cross-site request forgery protection I've simply used the
 Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
 The github page is pretty self explanatory.

 For Haml, you should just be able to set its :escape_html option to
 true and then

    %p= @something_nasty

 will be escaped by default. See:

 http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option

 for more info.

 Best,
 Ted

 On Mon, Aug 9, 2010 at 9:15 AM, David Susco dsu...@gmail.com wrote:
 Hey guys,

 What do people do to protect against cross-site request forgery? To
 mimic what rails does I was thinking of creating a unique key for each
 session, and then in my logged_in? helper checking if the key passed
 by the user matches the one I set in the session.

 On the second question, I'm using Tilt with Haml templates. Any idea
 how I can set Haml's :escape_html option so each template escapes all
 HTML within variables?

 --
 Dave
 ___
 Camping-list mailing list
 Camping-list@rubyforge.org
 http://rubyforge.org/mailman/listinfo/camping-list

 --
 Dave


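Added example, not code from the thread, from Rack::Csrf or from Camping: a toy Rack-style stack in plain Ruby (no gems) that shows the pattern Dave describes, one random token per session, compared in constant time against the submitted value on state-changing requests, and why the session layer has to wrap the CSRF layer, which is what reversing the `use` lines achieves. It also shows that a client which never returns the session cookie gets a different token on every request, one way the symptom in the thread can arise. ToySession, ToyCsrf, ToyClient and the `csrf.param` env key are constructed for this illustration; Rack::Csrf's real internals differ.

```ruby
require 'securerandom'

# Added example (not from the thread, Rack::Csrf or Camping): a toy Rack-style
# stack in plain Ruby. ToySession, ToyCsrf, ToyClient and the env key
# 'csrf.param' are constructed names for this illustration.

# Toy session layer: one server-side hash per cookie id, exposed as env['rack.session'].
class ToySession
  def initialize(app)
    @app = app
    @store = {}
  end

  def call(env)
    sid = env['HTTP_COOKIE'].to_s[/sid=(\w+)/, 1] || SecureRandom.hex(8)
    env['rack.session'] = (@store[sid] ||= {})
    status, headers, body = @app.call(env)
    [status, headers.merge('Set-Cookie' => "sid=#{sid}"), body]
  end
end

# Toy CSRF layer: one random token per session, required on every non-safe method.
class ToyCsrf
  TOKEN_KEY = 'csrf.token'
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  # Returns the session's token, minting it on first use. With no session in
  # env the token has nowhere to live, so every call mints a fresh one.
  def self.token(env)
    session = env['rack.session'] || {}
    session[TOKEN_KEY] ||= SecureRandom.hex(16)
  end

  def initialize(app)
    @app = app
  end

  def call(env)
    unless SAFE_METHODS.include?(env['REQUEST_METHOD'])
      submitted = env['csrf.param'].to_s # constructed: stands in for the parsed form field
      return [403, {}, ['Forbidden']] unless secure_compare(self.class.token(env), submitted)
    end
    @app.call(env)
  end

  private

  # Constant-time comparison: reject on length, then OR together every byte XOR.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Endpoint: answers every request that gets through with the session's token.
APP = ->(env) { [200, {}, [ToyCsrf.token(env)]] }

# Minimal client that carries the session cookie between requests.
class ToyClient
  def initialize(app)
    @app = app
    @cookie = ''
  end

  def request(method, csrf_param = nil)
    env = { 'REQUEST_METHOD' => method, 'HTTP_COOKIE' => @cookie, 'csrf.param' => csrf_param }
    status, headers, body = @app.call(env)
    @cookie = headers['Set-Cookie'] if headers['Set-Cookie']
    [status, body.join]
  end
end

# Session outermost (what reversing the use lines gives) versus CSRF outermost.
def demo
  good = ToySession.new(ToyCsrf.new(APP))
  bad  = ToyCsrf.new(ToySession.new(APP))

  c = ToyClient.new(good)
  _, t1 = c.request('GET')
  _, t2 = c.request('GET')                       # same cookie, same token
  post_ok,  _ = c.request('POST', t1)            # correct token accepted
  post_bad, _ = c.request('POST', 'not-the-token')

  c2 = ToyClient.new(bad)
  _, t3 = c2.request('GET')
  post_wrong_order, _ = c2.request('POST', t3)   # check runs before the session exists

  { stable: t1 == t2, post_ok: post_ok, post_bad: post_bad, post_wrong_order: post_wrong_order }
end

# A client that never sends the cookie back starts a new session each time,
# so the token differs on every request: the symptom described in the thread.
def tokens_without_cookie
  app = ToySession.new(ToyCsrf.new(APP))
  Array.new(2) { app.call('REQUEST_METHOD' => 'GET', 'HTTP_COOKIE' => '').last.join }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

With the session layer outermost the token is stable across GETs and a POST passes only with the matching token; with the CSRF layer outermost its check runs before `env['rack.session']` exists, so every POST is rejected. The cookie-less run shows the other failure mode: no persisted session, new token each time.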
Fwd: Need input on proposed tweaks to www.ruby-camping.com

2010-08-12 Thread Philippe Monnet
Pigy made some great suggestions for the site - see 
http://github.com/camping/camping/issues/#issue/23
I pushed the changes to my personal staging site: 
http://rubycamping.monnet-usa.com/


Could you guys take a look and let me know if you like the new version 
better than the current draft of the site 
(http://www.ruby-camping.com/)? Based on the group feedback I'll make 
some further tweaks or just push the changes to the main site this week-end.


Philippe
