Ruby on Rails Connection Security Cheatsheet
From OWASP
When securing a Rails application, it is essential to enforce connection security.
This is done with a simple configuration setting in Rails that enables TLS and forces its use:
# config/environments/production.rb
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies
config.force_ssl = true
Uncomment line 3, shown above, in your production configuration.
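One way to confirm the setting is in effect after deployment, as an added example that is not part of the original cheatsheet: the Ruby script below checks a pair of responses for the three behaviors named in the configuration comment (redirect to HTTPS, Strict-Transport-Security, secure cookies). The function names, the response hash layout and the sample responses are assumptions constructed for illustration.

```ruby
# Added example, not from the original cheatsheet or from Rails itself.
# Assumed response layout: { status: Integer, headers: { "lowercase-name" => [values] } }

# Parse an HSTS value such as "max-age=63072000; includeSubDomains" into a hash.
def parse_hsts(value)
  value.to_s.split(";").each_with_object({}) do |part, out|
    name, arg = part.strip.split("=", 2)
    next if name.nil? || name.empty?
    out[name.downcase] = arg ? arg.delete('"') : true
  end
end

# http_resp is the reply to a plain-HTTP request, https_resp the reply over TLS.
# Returns a list of findings; an empty list means all three checks passed.
def audit_force_ssl(http_resp, https_resp)
  findings = []
  # 1. Plain HTTP must be redirected to an https:// URL.
  location = Array(http_resp[:headers]["location"]).first.to_s
  unless [301, 302, 307, 308].include?(http_resp[:status]) && location.start_with?("https://")
    findings << "plain HTTP request is not redirected to https://"
  end
  # 2. The TLS response must carry Strict-Transport-Security with a positive max-age.
  hsts = parse_hsts(Array(https_resp[:headers]["strict-transport-security"]).first)
  max_age = Integer(hsts["max-age"].to_s, 10, exception: false)
  if max_age.nil? || max_age <= 0
    findings << "Strict-Transport-Security missing or max-age not positive"
  end
  # 3. Every cookie set over TLS must have the Secure attribute.
  Array(https_resp[:headers]["set-cookie"]).each do |cookie|
    name = cookie.split("=", 2).first
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    findings << "cookie #{name} lacks the Secure attribute" unless attrs.include?("secure")
  end
  findings
end

# Constructed sample responses (not captured from a real application).
GOOD_HTTP  = { status: 301, headers: { "location" => ["https://app.example.test/"] } }
GOOD_HTTPS = { status: 200, headers: {
  "strict-transport-security" => ["max-age=63072000; includeSubDomains"],
  "set-cookie" => ["_app_session=abc123; path=/; secure; HttpOnly; SameSite=Lax"] } }
BAD_HTTP   = { status: 200, headers: {} }
BAD_HTTPS  = { status: 200, headers: { "set-cookie" => ["_app_session=abc123; path=/; HttpOnly"] } }

puts audit_force_ssl(BAD_HTTP, BAD_HTTPS)
```

An empty result for a deployed application means the redirect, the HSTS header and the cookie flag are all being applied; each finding names the behavior that is missing.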