Hi,
I’m using authentication with a :before_filter for controller actions
I want to restrict. I see that I’ll want to authenticate GET request
actions, but what about PUT, DELETE, POST requests? Can anyone ‘get’
to these latter requests if all GET requests on a resource are
authenticated? In this same vein, how about covering ajax actions?
(The reason I don’t want to just protect everything is I don’t want to
add tests unnecessarily…)
Thanks,
Lille
On 6 August 2010 19:42, Lille [email protected] wrote:
Hi,
I’m using authentication with a :before_filter for controller actions
I want to restrict. I see that I’ll want to authenticate GET request
actions, but what about PUT, DELETE, POST requests? Can anyone ‘get’
to these latter requests if all GET requests on a resource are
authenticated? In this same vein, how about covering ajax actions?
I think all actions should be protected. Assume that any action url
and request type can be generated by a hacker.
Colin
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs