LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Development page

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ruby on Rails gains new ModelSecurity feature

[Posted October 17, 2005 by cook]

From:  Bruce Perens <bruce-AT-perens.com>
To:  lwn-AT-lwn.net
Subject:  Ruby on Rails gains new ModelSecurity feature
Date:  Thu, 13 Oct 2005 11:13:14 -0700


Ruby on Rails gains new Data Model Security feature

I've developed /ModelSecurity/, a new Ruby on Rails facility that helps
developers implement a security /defense in depth/ by implementing
access control within the data model.

If you are like most developers, you think about security when you
program controllers and views. But a bug in your controller or view can
compromise the security of your application, /unless your data model has
also been secured./

The economical, flexible, and extremely readable means of specifying
access controls provided by ModelSecurity makes it easier for the
developer to /think/ about security, and makes security assumptions that
might otherwise live in one developers head /concrete/ and /communicable
to others./

The work was sponsored by Sourcelabs <http://sourcelabs.com/>> and is
released as Open Source under the same license as Rails. See the
ModelSecurity web site <http://perens.com/FreeSoftware/ModelSecurity>>. -
/Bruce Perens/
(Log in to post comments)

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds