[Nitro] Security problems

George Moschovitis george.moschovitis at gmail.com
Mon Nov 14 01:55:10 EST 2005


Such a helper is on my todo list for some time... If anyone can
contribute this it would be greatly appreciated.

-g.

On 11/13/05, zimba-tm <zimba.tm at gmail.com> wrote:
> Another actual subject is GWA (Google Web Accelerator).
>
> GWA works by prefetching links that are found on the page and it
> bypasses javascript confirmations. So if you have any sensitive
> operations (deletes, unsubscribes, ...) that work with GET, I suggest
> adding a helper to transform it in a POST form like rails did (+ a
> server-side check that it's a POST and not a GET query).
>
> Note : I don't know if this facility already exist in Nitro
>
> On 13/11/05, George Moschovitis <george.moschovitis at gmail.com> wrote:
> > > BTW on the note of commercial projects using Nitro, we have completed
> > > 2, launched one and are working on a third :)
> >
> > hey, can you tell us urls? and perhaps add links on the wiki?
> >
> > thats great news to hear!
> >
> > -g.
> >
> >
> > >
> > > On 11 Nov 2005, at 08:41, George Moschovitis wrote:
> > >
> > > > Dear devs,
> > > >
> > > > I am wondering if anyone has found (or can find) any security problems
> > > > with Nitro. Moreover, If anyone can suggest any common security
> > > > measures that could be wrapped in a controller helper/aspect I would
> > > > like to know. Even urls for (authoritive) articles regarding web site
> > > > security would be helpful.
> > > >
> > > > Thanks in advance,
> > > > George.
> > > >
> > > >
> > > > --
> > > > http://www.gmosx.com
> > > > http://www.navel.gr
> > > > http://www.nitrohq.com
> > > >
> > > > _______________________________________________
> > > > Nitro-general mailing list
> > > > Nitro-general at rubyforge.org
> > > > http://rubyforge.org/mailman/listinfo/nitro-general
> > >
> > > _______________________________________________
> > > Nitro-general mailing list
> > > Nitro-general at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/nitro-general
> > >
> >
> >
> > --
> > http://www.gmosx.com
> > http://www.navel.gr
> > http://www.nitrohq.com
> >
> > _______________________________________________
> > Nitro-general mailing list
> > Nitro-general at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/nitro-general
> >
>
>
> --
> Cheers,
>   zimba
>
> http://zimba.oree.ch
>
> _______________________________________________
> Nitro-general mailing list
> Nitro-general at rubyforge.org
> http://rubyforge.org/mailman/listinfo/nitro-general
>


--
http://www.gmosx.com
http://www.navel.gr
http://www.nitrohq.com




More information about the Nitro-general mailing list