On 5 September 2010 08:24, Ted Han <[email protected]> wrote:
> Hey gang (this is primarily a way to get a message to snusnu),
>
> I am poking around w/ dm-rails and one thing that immediately jumped out at
> me was the invocation that http://github.com/datamapper/dm-rails recommends
> is just ripe for a man in the middle attack. Additionally, an invocation that
> requires hitting the web means that you can't start new projects when you
> don't have a net connection.
>
> wycats suggested that there should be a railties generator that we
> distribute with the dm-rails gem (like the ones used in beard for instance
> http://github.com/carlhuda/beard/tree/master/lib/generators/ ). And while
> that doesn't fix the MitM attack vector (which did spawn an interesting
> conversation on twitter regarding rubygems' security model), it will reduce
> the opportunity for attack and also make it runnable locally.
>
> So if ppl think that's the way to go (I do), or have objections, please say
> so!
>
> -Ted

I agree, having it as a gem, while it's potentially slower moving for updates, seems like a more sensible idea, both from a security PoV and also the convenience of being able to do things offline.

Regards
Jon
