Comments on: Web Security With Ingress Filtering http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/ A goal is a dream with a deadline. Thu, 11 Mar 2010 04:56:29 +0000 http://wordpress.org/?v=2.7.1 hourly 1 By: Sajin Jose http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-101353 Sajin Jose Tue, 05 Feb 2008 23:43:36 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-101353 Valuable article. Clearly saying about Ingress, Egress filtering :-) Valuable article. Clearly saying about Ingress, Egress filtering :-)

]]> By: Ilya Grigorik http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-36549 Ilya Grigorik Tue, 08 May 2007 03:06:42 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-36549 ckozus, personally I wouldn't even recommend storing your database.yml file in your SVN repo. If you're the only developer, I guess it's ok. But otherwise, why give out your root logins to everyone? One gotcha though, this does assume that you will have to create a custom task in capistrano to sync and move your database.yml to each new deployment. Jaigouk, glad you found them interesting. That's a good sign! (for me, especially) ckozus, personally I wouldn’t even recommend storing your database.yml file in your SVN repo. If you’re the only developer, I guess it’s ok. But otherwise, why give out your root logins to everyone? One gotcha though, this does assume that you will have to create a custom task in capistrano to sync and move your database.yml to each new deployment.

Jaigouk, glad you found them interesting. That’s a good sign! (for me, especially)

]]> By: Jaigouk http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-36392 Jaigouk Mon, 07 May 2007 10:48:46 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-36392 wow. your articles make me poignant. :-) especially, smart rss reader. I found your blog today. And it's been an hour since i've been reading. Cool. wow. your articles make me poignant. :-)
especially, smart rss reader. I found your blog today. And it’s been an hour since i’ve been reading. Cool.

]]> By: patrick http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-36125 patrick Sat, 05 May 2007 14:35:16 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-36125 @ckozus: asuming you use capistrano to deploy, you can copy the database.yml into the latest version using a capistrano task. (As described in Agile Rails). @ckozus:

asuming you use capistrano to deploy, you can copy the database.yml into the latest version using a capistrano task. (As described in Agile Rails).

]]> By: ckozus http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35634 ckozus Wed, 02 May 2007 10:56:10 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35634 In fact, rails loads the environment you especify in the RAILS_ENV parameter, i.e.: rake db:migrate RAILS_ENV=production I think I can get away using a separate database.yml file in my production box, where the development connection used a root user (or at least a user with permision to alter the db structure). In fact, rails loads the environment you especify in the RAILS_ENV parameter, i.e.:

rake db:migrate RAILS_ENV=production

I think I can get away using a separate database.yml file in my production box, where the development connection used a root user (or at least a user with permision to alter the db structure).

]]> By: Charles Rowe dot com » 10 web application security tips you should already know http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35529 Charles Rowe dot com » 10 web application security tips you should already know Tue, 01 May 2007 14:43:35 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35529 [...] I have been meaning to write a web security post and Ilya Grigorik has inspired me with the post “Web Security With Ingress Filtering”. Ilya lists some solid points for protecting your web application. Here are some fundamental points that continue to crop up all the time. If you know them: Congratulations, you are ahead of the game. [...] [...] I have been meaning to write a web security post and Ilya Grigorik has inspired me with the post “Web Security With Ingress Filtering”. Ilya lists some solid points for protecting your web application. Here are some fundamental points that continue to crop up all the time. If you know them: Congratulations, you are ahead of the game. [...]

]]> By: Ilya Grigorik http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35405 Ilya Grigorik Mon, 30 Apr 2007 20:10:36 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35405 ckozus, you can still use migrations on your production server. My understanding is, rake loads the dev environment, so you can use root as your db login there, but just make sure to use a limited user for production. ckozus, you can still use migrations on your production server. My understanding is, rake loads the dev environment, so you can use root as your db login there, but just make sure to use a limited user for production.

]]> By: ckozus http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35355 ckozus Mon, 30 Apr 2007 14:49:03 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35355 The matter is that I also run migrations on production. Well.... I think it's a common practice to do it, isnt' it? That's the whole idea about migrations, not writing ddl sql by hand, but instead, expressing those changes to the db in ruby code. The matter is that I also run migrations on production.
Well…. I think it’s a common practice to do it, isnt’ it?

That’s the whole idea about migrations, not writing ddl sql by hand, but instead, expressing those changes to the db in ruby code.

]]> By: Ilya Grigorik http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35352 Ilya Grigorik Mon, 30 Apr 2007 14:32:16 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35352 Ckozus, I could be off on this one, but doesn't rake default to the 'development' mode anytime you call it? For dev purposes, you can use the root user, in fact you will probably have to. My warning was about production mode, when your site is live. Ckozus, I could be off on this one, but doesn’t rake default to the ‘development’ mode anytime you call it? For dev purposes, you can use the root user, in fact you will probably have to. My warning was about production mode, when your site is live.

]]> By: ckozus http://www.igvita.com/2007/04/27/web-security-with-ingress-filtering/comment-page-1/#comment-35042 ckozus Sun, 29 Apr 2007 18:16:36 +0000 http://www.igvita.com/blog/2007/04/27/web-security-with-ingress-filtering/#comment-35042 Let's say I use a restricted user to access my db. Given that the rake task db:migrate will use the user configured in database.yml, that way I won't be able to run my migrations as i'm used to, am I right? Is there an approach to solve this? Let’s say I use a restricted user to access my db. Given that the rake task db:migrate will use the user configured in database.yml, that way I won’t be able to run my migrations as i’m used to, am I right?

Is there an approach to solve this?

]]>