Rails and web security digest #3

Better for security, worse for UX: Prevent information leaking in Rails

That is, how to turn off browser caching.

Firefox Nightly starts marking login-forms in HTTP as insecure

If your site has any kind of login section, you’ll want to switch to HTTPS.

A few things about Redis security

The Redis security model is: “it’s totally insecure to let untrusted clients access the system, please protect it from the outside world yourself”.

HTTP Public Key Pinning: Set which Certificate Authorities you accept

HTTP Public Key Pinning, or HPKP, is a security policy delivered via an HTTP response header, much like HSTS and CSP.

Lightweight beta authorization Rails engine for the Resource Owner Password Credentials Grant OAuth 2.0 flow

“It’s built for usage in API projects”

Like this kind of article?

Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.
