Better for security, worse for UX: Prevent information leaking in Rails
As in how to turn off browser caching.
Firefox Nightly starts marking login-forms in HTTP as insecure
If your site has any kind of login section, you’ll want to switch to HTTPs.
A few things about Redis security
The Redis security model is: “it’s totally insecure to let untrusted clients access the system, please protect it from the outside world yourself”.
HTTP Public Key Pinning: Set which Certificate Authorities you accept
HTTP Public Key Pinning, or HPKP, is a security policy delivered via a HTTP response header much like HSTS and CSP.
Lightweight beta authorization Rails engine for the Resource Owner Password Credentials Grant OAuth 2.0 flow
“It’s built for usage in API projects”
Like this kind of articles?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.
