Join Kevin Skoglund for an in-depth discussion in this video, Preventing cross-site request forgery, part of Ruby on Rails 3 Essential Training.
Website security is not exactly a beginner topic. The subject goes very deep. But I think it's important for us to discuss at least one security concern at the beginner level. If for no other reason because it's turned on by default in Rails, you should understand what Rails is doing for you. In this movie, we'll be looking at cross-site request forgery. It's often abbreviated as CSRF and sometimes pronounced as "sea-surf."

What is CSRF? Imagine that you log into your bank account via the bank's website. When you're done with your banking, you don't log out. You just close the browser window. Then you open a new window, and start surfing around until you visit another page on another web site that includes a special image tag, or another similar asset. Instead of linking to an actual image though, this special image tag tells your browser to make a request to your bank's web site and the request has been carefully constructed to do bad things. The site hosting this evil image tag may not even have bad intentions.…
- Understanding MVC (Model View Controller) architecture
- Routing browser requests through the framework
- Responding to requests with dynamic content
- Defining associations and database relationships
- Creating, reading, updating and deleting records
- Working with forms
- Validating form data
- Reviewing built-in security features
- Authenticating users and managing user access
- Debugging and error handling
Skill Level Beginner
1. What Is Ruby on Rails?
2. Installing Ruby on Rails on a Mac
3. Installing Ruby on Rails on a Windows Machine
4. Getting Started
5. Controllers, Views, and Dynamic Content
6. Databases and Migrations
7. Models, ActiveRecord, and ActiveRelation
9. Controllers and CRUD
10. Layouts, Partials, and View Helpers
12. Data Validation
13. User Authentication
14. Improving the Simple CMS
15. Debugging and Error Handling
16. Introducing More Advanced Topics