September 4, 2009
Timing Weakness in Ruby on Rails
There is a weakness in the code Ruby on Rails uses to verify message digests in the cookie store. Because it uses a non-constant time algorithm to verify the signatures an attacker...
September 4, 2009
XSS Vulnerability in Ruby on Rails
There is a vulnerability in the escaping code for the form helpers in Ruby on Rails. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping...
September 2, 2009
A Month in Rails
Lots of great content coming out of the community in the past month. Below you’ll find some of the most useful tutorials and libraries I’ve found over the past few...
September 1, 2009
Gem Packaging: Best Practices
Understand Ruby’s Load Path: When you call load or require a new file, Ruby searches through the files in its load path. This allows you to require files relative to the...
August 31, 2009
Three reasons to love ActionController::Responder
A couple weeks ago, I wrote about the newly added ActionController::Responder which summarizes your application behavior for a specified format in just one place. For example, the default html behavior...
August 30, 2009
Upgrading to Snow Leopard
Last Friday, Apple released their new OS version: Snow Leopard. Upgrading to SL is very easy and even gives you back quite a lot of HD space. However a few things...
August 20, 2009
What's New in Edge Rails: No REST for the weary
This week’s post will be rather short and sweet. The notable commits of the week seemed to revolve mainly around refactoring and even slightly altering the way some of the...
August 13, 2009
What's New in Edge Rails: The BugMash Edition
Another week, another update on Edge Rails. And man, you aren’t making this easy on me, are ya? This weekend, in case you hadn’t already heard, was the first Rails...
August 11, 2009
Community Highlights: IronRuby
As Rubyists migrate from Ruby 1.8 to Ruby 1.9, new Ruby implementations are gaining in maturity. Recently, IBM's Antonio Cangiano wrote an interesting article comparing the performance between Ruby 1.8, 1.9 and...
August 6, 2009
What's New in Edge Rails: The Hodgepodgery
It’s been quite a while since we’ve had a new Edge Rails post. I’ve really missed them and there have been a lot of changes, both big and small, on...