Ruby on Rails
Secure Action (Version #5)

secure-action-plugin provides an easy-to-use interface for protecting your app against assumed logged-in attacks.

In an assumed logged-in attack, a malicious site assumes the visitor is logged into your site. The malicious site crafts a URL to a destructive action on your site (change email, delete account, etc) and opens the URL to that action in a hidden iframe. The browser then sends the user’s cookies and actions may be performed on your user’s behalf without them ever knowing. This technique may be used to steal accounts, inject or delete account data, or perform other malicious actions.

The secure-action-plugin works by overriding ActionController.url_for and adding a signature of the user’s session_id and some salt to URL query strings. Because the signature is bound to the user’s session_id, the receiving action can verify that it is being executed by the correct user, which makes it impossible for an attacker to craft a URL that will work in an assumed logged-in attack. Without such a check, the malicious site simply has to get victims to visit it while they are logged into your app.

The plugin also adds a before filter which verifies the signature of actions that have been marked as secure. The filter fails if there is a signature mismatch or if no signature is present.

You may secure actions on a per controller basis:

    class AccountController < ActionController::Base
      secure_actions :only => [:change_email_submit]
    end
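To make the mechanism concrete, here is a stand-alone Ruby sketch of the scheme described above (an added example, not the plugin's own code): a server-side salt and the visitor's session_id are folded into an HMAC over the path and canonicalised query, the signature is appended as a `sig` parameter, and the verifier recomputes it from the current session, rejecting missing, mismatched or tampered URLs. The salt value, the `sig` parameter name and HMAC-SHA256 are assumptions for illustration.

```ruby
require "openssl"
require "uri"
require "cgi"

# Constructed server-side secret; in a real app this would be a per-deployment salt.
SECRET_SALT = "constructed-server-side-salt-not-a-real-key"

# Canonical query string: sorted so parameter order cannot change the signature,
# with the signature parameter itself excluded.
def canonical_query(params)
  params.reject { |k, _| k == "sig" }
        .sort
        .map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }
        .join("&")
end

# Signature over "<session_id>|<path>?<canonical query>" keyed with the salt,
# so a URL only verifies for the session it was generated for.
def signature_for(path, params, session_id)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET_SALT,
                          "#{session_id}|#{path}?#{canonical_query(params)}")
end

# What an overridden url_for would emit for a secured action.
def sign_url(path, params, session_id)
  "#{path}?#{canonical_query(params)}&sig=#{signature_for(path, params, session_id)}"
end

# Constant-time comparison so timing differences do not leak the expected signature.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What the before filter would do: recompute from the *current* session and compare.
# Returns false when the signature is absent, for another session, or the URL was altered.
def signature_valid?(url, session_id)
  uri = URI.parse(url)
  params = uri.query ? CGI.parse(uri.query).transform_values(&:first) : {}
  presented = params["sig"]
  return false if presented.nil?
  secure_equal?(presented, signature_for(uri.path, params, session_id))
end
```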

homepage:
http://code.google.com/p/secure-action-plugin/

svn:
http://secure-action-plugin.googlecode.com/svn/