<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Security on ToiDB</title>
    <link>https://www.toidang.xyz/tags/security/</link>
    <description>Recent content in Security on ToiDB</description>
    <image>
      <title>ToiDB</title>
      <url>https://www.toidang.xyz/web/static/me-512x512.png</url>
      <link>https://www.toidang.xyz/web/static/me-512x512.png</link>
    </image>
    <generator>Hugo</generator>
    <language>en</language>
    <lastBuildDate>Wed, 12 Jun 2024 10:55:39 +0700</lastBuildDate>
    <atom:link href="https://www.toidang.xyz/tags/security/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>What are HSTS and the HSTS preload list?</title>
      <link>https://www.toidang.xyz/posts/2024/03/26/what-are-hsts-and-the-hsts-preload-list/</link>
      <pubDate>Tue, 26 Mar 2024 10:08:55 +0700</pubDate>
      <guid>https://www.toidang.xyz/posts/2024/03/26/what-are-hsts-and-the-hsts-preload-list/</guid>
      <description>The HSTS (HTTP Strict Transport Security) protocol is a policy / mechanism that forces a web connection over a secure HTTPS channel. In other words: without a valid SSL certificate, such a website will not load in your browser. The browser will not even show the option to ignore the SSL warning.</description>
    </item>
    <item>
      <title>Understanding CSRF in Ruby on Rails</title>
      <link>https://www.toidang.xyz/posts/2020/01/07/understanding-csrf-in-ruby-on-rails/</link>
      <pubDate>Tue, 07 Jan 2020 21:08:55 +0700</pubDate>
      <guid>https://www.toidang.xyz/posts/2020/01/07/understanding-csrf-in-ruby-on-rails/</guid>
      <description>CSRF (Cross-Site Request Forgery) is a type of attack where an attacker tricks a user into performing unintended actions on a web application in which the user is authenticated. In Rails, CSRF protection is implemented to prevent such attacks. This article explains what CSRF is, how it works in Rails, and the mechanisms used to prevent CSRF attacks.</description>
    </item>
    <item>
      <title>Prevent Content Type Spoofing on Paperclip</title>
      <link>https://www.toidang.xyz/posts/2016/10/03/prevent-content-type-spoofing-on-paperclip/</link>
      <pubDate>Mon, 03 Oct 2016 18:08:55 +0700</pubDate>
      <guid>https://www.toidang.xyz/posts/2016/10/03/prevent-content-type-spoofing-on-paperclip/</guid>
      <description>If you have ever used paperclip, maybe you have seen the message like that: Image has contents that are not what they are reported to be. For this bug, we will have two solutions: specify an extension that cannot otherwise be mapped or override media_type_spoof_detector method.</description>
    </item>
  </channel>
</rss>
