Ruby on Rails Development: How to avoid leaking of information in Rails


It has been quite a while since I started facing a particular issue in Rails: the browser revalidates the page on each request, which is a good sign, until someone hits the back button and reloads it. This time the browser won’t revalidate the request; it will simply load the page from its cache.

 

This matters when you are dealing with critical information, as it can lead to serious leaks, especially when a user logs out of the browser / application and someone else takes the same machine and tries to access the page from the history. When the new user visits the page from history, the browser won’t revalidate the request and will load the page from the cache, as stated above. Besides, an advanced hacker can even decrypt the browser’s cache files and gain access to the critical information.

 

However, recently, I came across a blog post from Greg Molnar, which indeed helps to resolve the above issue.
To resolve it, one can explicitly set the ‘Cache-Control’ header in the app with a before filter:

    # before_filter was removed in Rails 5.1; on Rails 4 and later use before_action.
    before_filter :set_as_private

    protected

    # Tell the browser not to cache or store this response.
    def set_as_private
      response.headers['Cache-Control'] = 'no-cache, no-store'
    end

So from now on, whenever you want to display sensitive information, you can call this filter in each controller. Alternatively, you can ask users at sign-in whether they are on a public or a private computer and set the cache header based on their choice.
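Both options above (always marking sensitive pages, and honouring a public-computer choice made at sign-in) can be applied in one place. The following is an added example, not code from this article or from Greg Molnar's post: a Rack-style middleware in plain Ruby, where the session keys `:user_id` and `:public_computer`, the path prefixes and the stand-in application are all assumptions made for illustration.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems needed).
# Assumptions, not from the article: the session is at env["rack.session"],
# sign-in stored :public_computer there, and SENSITIVE_PREFIXES names the
# private areas of a hypothetical app.
class PrivateCacheHeaders
  NO_STORE = "no-cache, no-store".freeze                # value from the article
  SENSITIVE_PREFIXES = %w[/account /statements].freeze  # hypothetical paths

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless forbid_caching?(env)

    # Drop any Cache-Control set upstream, whatever its casing, so a
    # cacheable value cannot survive next to ours.
    cleaned = headers.reject { |name, _| name.casecmp?("cache-control") }
    [status, cleaned.merge("Cache-Control" => NO_STORE), body]
  end

  private

  def forbid_caching?(env)
    session = env["rack.session"] || {}
    path = env["PATH_INFO"].to_s
    # Match whole path segments so "/accounting" is not treated as "/account".
    sensitive = SENSITIVE_PREFIXES.any? { |p| path == p || path.start_with?("#{p}/") }
    # Sensitive pages: always. Other pages: only for a signed-in user who
    # said at sign-in that the computer is shared.
    sensitive || (session[:user_id] && session[:public_computer])
  end
end

# Constructed stand-in for the application: every response is cacheable.
CACHEABLE_APP = lambda do |_env|
  [200, { "Content-Type" => "text/html", "cache-control" => "private, max-age=600" }, ["page"]]
end

# Returns the Cache-Control values a browser would see for one request.
def cache_control_for(path, session = {})
  env = { "PATH_INFO" => path, "rack.session" => session }
  _status, headers, _body = PrivateCacheHeaders.new(CACHEABLE_APP).call(env)
  headers.select { |name, _| name.casecmp?("cache-control") }.values
end
```

Checking the header on the response itself, as `cache_control_for` does, is also a quick way to confirm that no controller was missed.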


Knowledge Source: Greg Molnar – www.greg.molnar.io
