team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working on the httponly tutorial

Browse Source
This commit is contained in:
cktricky
2014-09-11 11:01:56 -04:00
parent 9c160750a6
commit ef2bc20c97
5 changed files with 84 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/shared/_header.html.erb
+1 -1
View File
@@ -26,7 +26,7 @@
going on with funny chars and jquery, plus it says safe so I'm guessing
nothing bad will happen
-->
Welcome, <%= current_user.first_name.html_safe %>
Welcome, <%= current_user.first_name %>
</li>
<li>
<%= button_to "RailsGoat Tutorials", tutorials_path, {:class => "btn btn-primary", :method => "get"}%>
app/views/layouts/tutorial/broken_auth_sess/_httponly_flag.html.erb
+75
View File
@@ -0,0 +1,75 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A2 - Broken Authentication and Session Management - Lack of HttpOnly Flag
</div>
</div>
<div class="widget-body">
<div id="accordion1" class="accordion no-margin">
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseHttpOnlyOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-info icon-white">
</i>
Description
</a>
</div>
<div class="accordion-body in collapse" id="collapseHttpOnlyOne" style="height: auto;">
<div class="accordion-inner">
INSERT DESC
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseHttpOnlyTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-bug icon-white">
</i>
Bug
</a>
</div>
<div class="accordion-body collapse" id="collapseHttpOnlyTwo" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
By default, Ruby on Rails protects it's cookies with the HttpOnly flag. However, it is possible to disable this security protection and is not recommended. You can disable this protection using the flag highlighted below. This is an insecure and unnecessary change.
</p>
<pre class="ruby">
Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', <span style="background:yellow">httponly: false</span>
</pre>
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseHttpOnlyThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-lightning icon-white">
</i>
Solution
</a>
</div>
<div class="accordion-body collapse" id="collapseHttpOnlyThree" style="height: 0px;">
<div class="accordion-inner">
<p><b>Lack of Password Complexity - SOLUTION</b></p>
INSERT SOLUTION
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a style="background-color: rgb(181, 121, 158)" href="#collapseHttpOnlyFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-aid icon-white">
</i>
Hint
</a>
</div>
<div class="accordion-body collapse" id="collapseHttpOnlyFour" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
INSERT DESC
</p>
</div>
</div>
</div>
</div>
</div>
</div>
app/views/layouts/tutorial/broken_auth_sess/_insecure_compare.html.erb
+1 -1
View File
@@ -67,7 +67,7 @@
</div>
<div class="accordion-body collapse" id="collapseCompThree" style="height: 0px;">
<div class="accordion-inner">
<p><b>Lack of Password Complexity - SOLUTION</b></p>
<p><b>Insecure Timing Attacks - SOLUTION</b></p>
<p>
Within app/models/user.rb:
</p>
app/views/tutorials/broken_auth.html.erb
+5
View File
@@ -15,6 +15,11 @@
<%= render :partial => ("layouts/tutorial/broken_auth_sess/insecure_compare")%>
</div> <!-- End Span12-->
</div>
<div class="row-fluid">
<div class="span12">
<%= render :partial => ("layouts/tutorial/broken_auth_sess/httponly_flag")%>
</div> <!-- End Span12-->
</div>
</div>
</div>