Review the basics of cross-site request forgery (CSRF) and then learn how Rails implements a CSRF-token pattern to ensure that forms cannot be forged. Using Rails' form helpers automatically adds the necessary CSRF token.
- [Instructor] Website security is not a beginner topic, and the subject goes very deep. But I think it is important for us to discuss at least one security concern right now, if for no other reason than because it's turned on by default and you should understand what it's doing for you. In this movie we'll be looking at Cross-site Request Forgery and how Rails helps us to prevent it. Cross-site request forgery is often abbreviated as CSRF. It's a type of attack on a website which exploits a user's currently logged-in state in order to perform actions which normally require authentication.
Let me give you an example. Imagine that you log into your bank account via your bank's website. When you're done with your banking, you don't log out, you just close the browser window. You open up a new window and you start surfing around until you visit a page on another website which includes a special image tag. Instead of linking to an actual image, it has a URL for your bank, and that special image tells your browser to make a request to your bank's website,…
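The token check that the course description refers to, sketched as an added example (not from the course and not Rails' own source). The `CsrfSketch` module and its method names are hypothetical, and the session is modelled as a plain Hash.

```ruby
require "securerandom"

# Hypothetical names; a simplified sketch of the CSRF-token pattern,
# not Rails' own implementation. The session is modelled as a Hash.
module CsrfSketch
  SAFE_METHODS = %w[GET HEAD].freeze   # must never change state

  # One random token per session, kept server-side.
  def self.token_for(session)
    session[:csrf_token] ||= SecureRandom.urlsafe_base64(32)
  end

  # What a form helper would embed; Rails names this field authenticity_token.
  def self.hidden_field(session)
    %(<input type="hidden" name="authenticity_token" value="#{token_for(session)}">)
  end

  # Compare without returning early on the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Accept read-only requests; accept state-changing requests only when the
  # submitted token matches the one stored in the session they arrive with.
  def self.verified?(session, http_method, params)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)
    expected = session[:csrf_token]
    supplied = params["authenticity_token"]
    return false unless expected.is_a?(String) && supplied.is_a?(String)
    secure_compare(expected, supplied)
  end
end

if __FILE__ == $PROGRAM_NAME
  session = {}                                   # constructed logged-in session
  token   = CsrfSketch.token_for(session)
  own_form = { "authenticity_token" => token }   # posted from the site's own form
  cross_site = {}                                # posted from another site: no token
  puts CsrfSketch.verified?(session, "POST", own_form)    # true
  puts CsrfSketch.verified?(session, "POST", cross_site)  # false
end
```

The safe-method shortcut only holds if GET and HEAD handlers change no state; the image-tag request in the bank example is a GET, so an action reachable that way is not covered by the token check.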
- Creating and configuring a new Ruby on Rails project
- Generating controllers and views
- Handling server requests
- Using different types of routes
- Rendering and viewing templates
- Generating migrations and models
- Creating, updating, and deleting records
- Finding records with queries
- Understanding relationship types
- Writing controllers for CRUD
- Working with layouts and helpers
- Managing application assets
- Building forms
- Validating data
- Authenticating users
Skill Level Beginner
1. What Is Ruby on Rails?
2. Get Started
3. Controllers, Views, and Dynamic Content
4. Databases and Migrations
5. Models and ActiveRecord
7. CRUD, REST, and Resourceful Routes
8. Controllers and CRUD
9. Layouts, Partials, and View Helpers
12. Data Validation
13. Controller Features
14. User Authentication
15. Improve the Simple CMS