
Merge pull request #14811 from qrush/master

Remove statement assuming coffee shop/public space wifi is inherently insecure
2 parents 6642407 + 66e5844 commit c524556e58bcacade1d67c057c0fa30c0bd13327 @guilleiguaran guilleiguaran committed Apr 19, 2014
Showing with 1 addition and 1 deletion.
  1. +1 −1 guides/source/security.md
2 guides/source/security.md
@@ -60,7 +60,7 @@ Many web applications have an authentication system: a user provides a user name
Hence, the cookie serves as temporary authentication for the web application. Anyone who seizes a cookie from someone else, may use the web application as this user - with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:
-* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file:
+* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. For the web application builder this means to _provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file:
```ruby
config.force_ssl = true
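Review bot: In the added bullet, "this means to _provide a secure connection over SSL_" and "forcing SSL connection" still read awkwardly, and since the line is being rewritten anyway they could become "this means _providing a secure connection over SSL_" and "forcing SSL connections". With the coffee shop sentence gone, the bullet still names the wireless LAN only as "an example" of an insecure network, so consider stating directly that the SSL countermeasure applies on any network, which matches the intent in the commit title.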
