Secure Action plugin

Plugin details

A Ruby on Rails plugin for defending against "assumed logged in" attacks.

Website: http://code.google.com/p/secure-action-plugin/
Repository: http://secure-action-plugin.googlecode.com/svn/
Author: Brian Ellin
Tags: Security
License: MIT

Documentation

Install the plugin:
ruby script/plugin install http://secure-action-plugin.googlecode.com/svn/

Usage
-----

Call the secure_actions method in the controllers you'd like to secure. secure_actions accepts :all or :only|:except => [:action].

class AccountController < ApplicationController

  secure_actions :only => [:change_email]
  # or secure_actions :except => [:index, :foo]
  # or secure_actions :all

  def change_email
    user = logged_in_user
    user.email = params[:email]
    user.save
  end

end


The above code adds a signature to every generated URL that points to that action, and creates a filter that verifies the signature before the action runs. This ensures that the form or link for the action was generated by the correct user, preventing malicious URLs from harming your users.
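
The sign-then-verify flow described above, sketched as an added example. It is not the plugin's own code: the HMAC-SHA256 construction, the "sig" parameter name, the secret and every helper name are assumptions.

```ruby
require 'openssl'
require 'uri'

# Assumptions (not from the plugin): HMAC-SHA256, a server-side secret,
# and a "sig" query parameter. The secret below is a constructed demo value.
SERVER_SECRET = 'constructed-demo-secret'

# The MAC binds the signature to one user and one action path, so a link
# minted in one user's session fails verification in anyone else's.
def action_signature(user_id, path)
  OpenSSL::HMAC.hexdigest('SHA256', SERVER_SECRET, "#{user_id}\n#{path}")
end

# URL generation side: append the signature to links and form targets.
def signed_url(user_id, path, params = {})
  query = params.map { |k, v| [k.to_s, v.to_s] }
  query << ['sig', action_signature(user_id, path)]
  "#{path}?#{URI.encode_www_form(query)}"
end

# Constant-time comparison so the check does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Filter side: recompute for the logged-in user and refuse on mismatch.
# A missing "sig" is treated as a failed check.
def signature_valid?(current_user_id, url)
  uri = URI.parse(url)
  given = URI.decode_www_form(uri.query.to_s).assoc('sig')
  return false if given.nil?
  secure_equal?(given[1], action_signature(current_user_id, uri.path))
end

# Constructed sample: user 42 renders the change_email form target.
if __FILE__ == $PROGRAM_NAME
  url = signed_url(42, '/account/change_email')
  puts url
  puts signature_valid?(42, url)                              # same user
  puts signature_valid?(7, url)                               # other user
  puts signature_valid?(42, '/account/change_email?email=x')  # unsigned
end
```

Because the user id is part of the signed message, a URL that carries no signature, or one generated in a different account, is rejected before the action body runs.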

Further Documentation

There is currently no advanced documentation for this plugin.

Last edited by: hardway, 7 months ago