From the course: Ruby on Rails 5 Essential Training

Prevent cross-site request forgery

- [Instructor] Website security is not a beginner topic, and the subject goes very deep. But I think it is important for us to discuss at least one security concern right now, if for no other reason than because it's turned on by default and you should understand what it's doing for you. In this movie we'll be looking at Cross-site Request Forgery and how Rails helps us to prevent it. Cross-site request forgery is often abbreviated as CSRF. It's a type of attack on a website which exploits a user's currently logged-in state in order to perform actions which normally require authentication. Let me give you an example. Imagine that you log into your bank account via your bank's website. When you're done with your banking, you don't log out; you just close the browser window. You open up a new window and you start surfing around until you visit a page on another website which includes a special image tag. Instead of linking to an actual image, it has a URL for your bank, and that special…
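The defence the instructor is leading up to is the synchronizer token that Rails' `protect_from_forgery` checks on every state-changing request. The following is an added Ruby illustration of that pattern, not code from the course or from Rails itself; `BankApp`, its in-memory session store and the two transfer handlers are assumed stand-ins for a real controller.

```ruby
require "securerandom"
# Added illustration of the synchronizer-token pattern behind Rails'
# protect_from_forgery; BankApp is a hypothetical stand-in, not Rails code.
class BankApp
  attr_reader :balances
  def initialize
    @sessions = {}            # session id => { user:, csrf_token: }
    @balances = Hash.new(0)
  end

  # Logging in creates the session; the browser will attach this cookie to
  # any request for the bank, including ones another site causes it to send.
  def login(user)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: user, csrf_token: SecureRandom.urlsafe_base64(32) }
    sid
  end

  # The legitimate form embeds a per-session token that another origin cannot read.
  def render_transfer_form(sid)
    { authenticity_token: @sessions.fetch(sid)[:csrf_token] }
  end

  # Unprotected handler: the cookie alone authorises the transfer.
  def transfer_unprotected(sid, params)
    do_transfer(@sessions.fetch(sid)[:user], params)
  end

  # Protected handler: the request must also carry the session's token
  # (Rails raises ActionController::InvalidAuthenticityToken here).
  def transfer_protected(sid, params)
    session = @sessions.fetch(sid)
    return :forbidden unless valid_token?(session[:csrf_token], params[:authenticity_token])
    do_transfer(session[:user], params)
  end

  private
  def do_transfer(from, params)
    @balances[from] -= params[:amount]
    @balances[params[:to]] += params[:amount]
    :ok
  end

  # Constant-time comparison so the check does not leak the token byte by byte.
  def valid_token?(expected, given)
    return false unless given.is_a?(String) && given.bytesize == expected.bytesize
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end
```

Rails applies this check only to non-GET requests, so the bank scenario above also depends on the transfer never being reachable through a plain GET such as an image load.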