itsastickup wrote:
> Is there an issue with urls and security? How should I be encoding
> them? More than just h()?

Firstly, h() doesn't encode URLs. Secondly, URL encoding is not about 
security. URL encoding is used to convert characters in a URL to those 
of the limited set of characters that are valid for URLs.

See: http://www.w3schools.com/TAGS/ref_urlencode.asp

The Rails security guide posted by Greg contains the information you 
need to know to secure your Rails application. If you're querying about 
the security of the transmission of data between the client user agent 
(browser) and the web server, this is provided by the SSL/TLS protocol. 
SSL/TLS is common to all web sites and applications that need to protect 
the transmission of data across the internet, whether they be Rails or 
static web pages. SSL/TLS is also used to protect against so-called 
"man-in-the-middle" attacks. SSL/TLS (as far as we know) makes it 
impossible for one web server to "spoof" a legitimate server. The fake 
site should never be able to acquire a valid certificate for a different 
domain.

Beyond that, there are also security concerns in the client web 
browsers themselves. But, that's not really your concern as an 
application developer. That is unless you're the one trying to hack into 
client machines through security vulnerabilities in client browsers, but 
I trust that you're not.
-- 
Posted via http://www.ruby-forum.com/.
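
The difference between h() (HTML escaping) and URL encoding that the reply above describes, as an added example that is not part of the original post. The helper names, the example.com URL and the sample input are constructed for illustration; the receiving side is modelled by undoing the HTML escaping and parsing the query string.

```ruby
require "erb"
require "uri"

BASE = "http://example.com/search" # constructed URL
ENTITIES = { "&amp;" => "&", "&lt;" => "<", "&gt;" => ">",
             "&quot;" => '"', "&#39;" => "'" }.freeze

# h() only: the URL is HTML-escaped for the attribute, but the parameter
# value is never URL-encoded.
def href_h_only(value)
  ERB::Util.html_escape("#{BASE}?q=#{value}&page=2")
end

# URL-encode the parameter value first, then HTML-escape the finished URL.
def href_encoded(value)
  ERB::Util.html_escape("#{BASE}?q=#{ERB::Util.url_encode(value)}&page=2")
end

# Model of the receiving side (hypothetical helper): the browser undoes the
# HTML escaping when it reads the attribute, then the server splits the
# query string into parameters.
def params_received(href)
  url = href.gsub(/&(?:amp|lt|gt|quot|#39);/, ENTITIES)
  query = url.split("?", 2).last
  URI.decode_www_form(query).to_h
end

if __FILE__ == $PROGRAM_NAME
  value = "R&D=on <b>" # constructed user input
  [href_h_only(value), href_encoded(value)].each do |href|
    puts href
    puts "  received: #{params_received(href).inspect}"
  end
end
```

With h() alone the markup is valid HTML, yet the `&` and `=` inside the value split it into an extra parameter; with URL encoding applied to the value first, `q` arrives intact.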
