Rails and web security [talk about Web security]

Source: Internet
Author: User

It is said that if a Windows PC is connected to the Internet without anti-virus software or a firewall, it will be overrun by viruses within ten minutes. Why is that? Because while you surf, some of the sites you visit may have been implanted with a virus or a Trojan horse, and as soon as a user lands on such a site without any protection, the machine is immediately compromised. Of course, the site does not hang viruses and Trojans on its users on purpose; mostly the problem is that web security was never considered, either at the start of development or after going live, which leaves many security holes, lets malicious hackers take control of the site, and produces exactly this scene. So how do we prevent it?

More exciting content after the advertisement:

Trend Micro: make hacker viruses die!

First, ordinary users can download some well-known security software, such as Trend Micro's WTP, and webmasters can also use Trend Micro's antivirus wall. But I think the fundamental solution is to prevent these vulnerabilities from the very beginning of site development. Of course, vulnerabilities keep changing, so deploying a Trend Micro antivirus wall after going live is an extra layer of insurance.

= =

As a Rails developer, let me go through the top ten web security vulnerabilities and how to guard against them in Rails development.

A1-Cross-Site Scripting (XSS)

This is where an attacker embeds JavaScript in a web site in order to obtain the victim's cookie information.

Rails 2.0 has also strengthened its XSS protection: TextHelper#sanitize was changed from a blacklist to a whitelist implementation. The specific attack methods are described here: http://www.rorsecurity.info/2007/05/01/cross-site-scripting-user-agent-injection-attack-methods/

That list helps us test our own projects.

Rails policy:

1. Add the h method in the view; the safeERB plugin seems to be designed to help us avoid missing this step.

2. Use a whitelist; as just mentioned, Rails 2.0 opened up this approach with TextHelper#sanitize.

3. When using BlueCloth and RedCloth, combine them with a whitelist to avoid causing security problems.

4. Before Rails 1.2.3, do not use the to_json method; beware of the harm!
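As an added illustration (not code from the original post or from Rails itself), the following Ruby uses only the standard library's ERB to show the difference between an unescaped view, a view that applies h, and the escape-first whitelist idea behind the Rails 2.0 sanitize change. The comment text is constructed, and render_unsafe, render_escaped, sanitize_whitelist and ALLOWED_TAGS are hypothetical helper names.

```ruby
require 'erb'

# Constructed example input: a user "comment" carrying the classic cookie-reading payload.
EVIL_COMMENT = '<script>alert(document.cookie)</script>'.freeze

# Vulnerable view: the comment is interpolated into the page untouched,
# so the browser runs the attacker's script inside the victim's session.
def render_unsafe(comment)
  ERB.new('<p><%= comment %></p>').result(binding)
end

# Fixed view: the h method (ERB::Util.h, which is what Rails' h calls)
# turns <, >, &, " and ' into entities, so the payload is displayed as text.
def render_escaped(comment)
  ERB.new('<p><%= ERB::Util.h(comment) %></p>').result(binding)
end

# Whitelist sanitizer in the spirit of Rails 2.0's TextHelper#sanitize (a hypothetical
# helper, not the Rails implementation): escape everything first, then re-enable only
# attribute-free tags from the allowed list. Anything else, including an allowed tag
# that carries attributes such as onclick, stays escaped.
ALLOWED_TAGS = %w[b i em strong p].freeze

def sanitize_whitelist(html)
  out = ERB::Util.h(html)
  ALLOWED_TAGS.each do |tag|
    out = out.gsub("&lt;#{tag}&gt;", "<#{tag}>")
             .gsub("&lt;/#{tag}&gt;", "</#{tag}>")
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(EVIL_COMMENT)    # script tag reaches the browser intact
  puts render_escaped(EVIL_COMMENT)   # script tag rendered as harmless text
  puts sanitize_whitelist("<b>bold</b> <b onclick=\"x()\">evil</b> #{EVIL_COMMENT}")
end
```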

A2-Injection Flaws
