Dwijendra Parashar

  Securing Rails Applications The concept of sessions in Rails, what to put in there and popular attack methods. How just visiting a site can be a security problem (with CSRF).         What you have to pay attention to when working with files or providing an administration interface.         How to manage users: Logging in and out and attack methods on all layers.  Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. sessions --  Sessions enable the application to maintain user-specific state, while users interact with the application. For example, sessions allow users to authenticate once and remain signed in for future requests. Rails provides a session object for each user that accesses the application. If the user already has an active session, Rails uses the existing session. Otherwise a new session is created. session hijacking --  ................................

 imp definitions ::  1. duck typing - duck typing is a way of programming in which one object passed to a function or method supports all method signatures and attributes expected of the object at runtime.the object type itself is not important.Rather the object should support all methods/attributes called on it. 2.

chmod 777 -R  /var/lib/gems/2.7.0 sudo chmod -R o+rw /var/www sudo chmod -R filename

1.in the upper right corner - click settings. 2.in settings - in top below - click developer settings - 3.in developer settings - go to personal access tokens - there are 2 types of tokens- 3.1. fine grained tokens 3.2. personal access tokens.

step1 : $ ssh-keygen - Run this command at the terminal. Step 2 : It may be ask to overwrite if you have overwrite this -- this will give you path - 1. public key save position Your identification has been saved in /home/dwijendra/.ssh/id_rsa Your public key has been saved in /home/dwijendra/.ssh/id_rsa.pub 2. key fingerprint will come -- The key fingerprint is: SHA256:36WlXOHKLJyeqg5f9Wfmd8kxnf6nihHgJZnqCtnJb0s dwijendra@aqusag-ThinkPad-T450   3. cat space ‘public key save position’ Run this command :: $cat /home/dwijendra/.ssh/id_rsa.pub note – there will be space in this cat and the file path – only one space new ssh key will be generated by this – like this below - ssh-rsa below is the ssh key -  AAAAB3NzaC1yc2EAAAADAQABAAABgQDGXtjNm1/gUftUSeW3m1jnPYBQpsZ5eTTnenb37voOGkciMkyUlFimXIfNzczHJEpZlrXvYRvHtPAoUUIjfzJXjC0e24JtCIOQq5v/lx+Iq+QDhrUFei0IlT0/RevuN+7VgbWkgJ5BGG4Un+a4DUcyALTpIJuwWWgrIwPWjUgeaMgEHRrslNJEfAYIDQR36c8HGLA0GMODACmgQsFjfV3PDKfKugxqxf9Dq7WOXoOgdh3JOPreXV9PxFDol...