[Nitro] Security problems

zimba-tm zimba.tm at gmail.com
Sun Nov 13 13:47:07 EST 2005


Another current subject is GWA (Google Web Accelerator).

GWA works by prefetching links that are found on the page and it
bypasses JavaScript confirmations. So if you have any sensitive
operations (deletes, unsubscribes, ...) that work with GET, I suggest
adding a helper to transform it into a POST form like Rails did (+ a
server-side check that it's a POST and not a GET query).

Note: I don't know if this facility already exists in Nitro.

On 13/11/05, George Moschovitis <george.moschovitis at gmail.com> wrote:
> > BTW on the note of commercial projects using Nitro, we have completed
> > 2, launched one and are working on a third :)
>
> hey, can you tell us URLs? and perhaps add links on the wiki?
>
> that's great news to hear!
>
> -g.
>
>
> >
> > On 11 Nov 2005, at 08:41, George Moschovitis wrote:
> >
> > > Dear devs,
> > >
> > > I am wondering if anyone has found (or can find) any security problems
> > > with Nitro. Moreover, if anyone can suggest any common security
> > > measures that could be wrapped in a controller helper/aspect I would
> > > like to know. Even URLs for (authoritative) articles regarding web site
> > > security would be helpful.
> > >
> > > Thanks in advance,
> > > George.
> > >
> > >
> > > --
> > > http://www.gmosx.com
> > > http://www.navel.gr
> > > http://www.nitrohq.com
> > >
> > > _______________________________________________
> > > Nitro-general mailing list
> > > Nitro-general at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/nitro-general
> >
> >
>
>
>


--
Cheers,
  zimba

http://zimba.oree.ch
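
The fix suggested in the message above (a helper that renders the action as a POST form, plus a server-side check that the request really is a POST), as an added example that is not part of the original post and is not Nitro's or Rails' own code. It is a plain Rack-style middleware; the route patterns and the names `post_button`, `RequirePost`, `DemoApp` and `simulate` are hypothetical.

```ruby
require 'erb'

# Hypothetical state-changing routes (assumption for this example).
UNSAFE_PATHS = [%r{\A/articles/\d+/delete\z}, %r{\A/newsletter/unsubscribe\z}].freeze

# View helper: emit a POST form with a button instead of <a href="...">,
# so the page contains no link that a prefetcher can follow.
def post_button(label, path)
  %(<form method="post" action="#{ERB::Util.html_escape(path)}">) +
    %(<input type="submit" value="#{ERB::Util.html_escape(label)}"></form>)
end

# Server-side check: any non-POST request to an unsafe path is refused
# before the handler runs, whatever the client-side markup looks like.
class RequirePost
  def initialize(app, unsafe_paths = UNSAFE_PATHS)
    @app = app
    @unsafe_paths = unsafe_paths
  end

  def call(env)
    method = env['REQUEST_METHOD'].to_s.upcase
    path = env['PATH_INFO'].to_s
    if method != 'POST' && @unsafe_paths.any? { |re| re.match?(path) }
      return [405, { 'Content-Type' => 'text/plain', 'Allow' => 'POST' },
              ["Method Not Allowed\n"]]
    end
    @app.call(env)
  end
end

# Constructed demo application: records every delete its handler performs.
class DemoApp
  attr_reader :deleted

  def initialize
    @deleted = []
  end

  def call(env)
    @deleted << env['PATH_INFO'] if env['PATH_INFO'].end_with?('/delete')
    [200, { 'Content-Type' => 'text/plain' }, ["ok\n"]]
  end
end

# Returns [HTTP status, number of deletes performed] for one constructed request.
def simulate(method, path)
  app = DemoApp.new
  status, _headers, _body = RequirePost.new(app).call('REQUEST_METHOD' => method, 'PATH_INFO' => path)
  [status, app.deleted.size]
end
```

A prefetched `GET /articles/7/delete` gets a 405 and the handler never runs, while the form produced by `post_button` still reaches it.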



