fix for in_place_editing problem I had

One of the cool things about Rails is the script.aculo.us JavaScript library which you get as part of Rails. I've just been trying to add in place editing to some of the fields in my app and I encountered a problem with the way it's implemented in conjunction with the way I was describing the view.
Anyway, a much better description of the exact problem I was having and a solution (which is in the comments to the post) is at the Rabbit Creative Blog

Ruby On Rails

Well I've been meaning to post some of this stuff for a while. I've been doing some Ruby On Rails (RoR) development for a while now, more to teach myself than to create any spectacular applications.
Anyway, as you do, I've run across a variety of interesting sources of information about Rails as I built my first application (a security checklist management system), so I'll post some of them here...
The main site is at www.rubyonrails.com and is a decent place to start.
For tutorials there's a list here Top 12 Rails Tutorials of which I'd have to say that the rolling on rails one I liked (although it's a bit out of date now). Also if you look at that one I'd be inclined to follow-up with Amy Hoy's ones which can be found here
In terms of forums and the like I've actually not found any that I like a lot yet. There's mailing lists off the main site, but I'm not a great fan of mailing lists for picking up things as I find the web interfaces not that great, usually.
There's some books that are a good bet, the seminal one is Agile Web Development with Rails, however I wouldn't buy the current print version as V2 is under development. What you can do is get the PDF of the current cut of V2 from there and then you get the PDF of the final one when it's done...
There's an O'Reilly book by the guy who did the Rolling on Rails tutorial I mentioned above, which is out on Safari now and will be in print R.S.N. I've not read much of it yet, so I'm not too sure how it'll be...
Anyway that's enough of an intro, I just need to remember to keep posting as I find new stuff...

Sitekey vulnerabilities article

SiteKey-20060718.pdf
An article detailing some problems with the SiteKey implementation at BofA. I must say I'm not surprised by the one about real-time MITM bypassing the problem, but I'm a little surprised about one of the security processes for login being waived once the user clicks a button on a given PC and more so that there's no easy way to remove the bypass from a given PC...
Secondary security questions (well, ones that aren't likely to be public knowledge anyway) are a decent add-on to an authentication procedure, but I wouldn't have thought that they were so onerous that you couldn't just ask them every time...

Great Dictionary Site

GData: An Online MD5 Hash Database
I've been looking for a good site to get password dictionaries from for ages. Don't know why this one doesn't seem to show well on Google searches, but the dictionaries for download there look good to me.

Walkthrough of an XSS attack

XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack > The XSS Vulnerability (http://www.informit.com/articles/article.asp?p=603037&rl=1)
Some more reading for me.

Some Interesting JavaScript Attacks

DNS: Spoofing and Pinning.
SPI Dynamics Article on JavaScript system enumeration
A couple of interesting articles on the dangers of JavaScript/XSS attacks...

Java Nessus Client

Intekras > PSS > Tools > Nessj (http://www.pss.intekras.com/tools/nessj/)
Handy. A Java-based Nessus client.

Analysis of the Vista Security Model

Windows_Vista_Security_Model_Analysis.pdf
Symantec's analysis of the Vista Security Model. Another one to read when I get some time.

Security Review Process

A Process for Performing Security Code Reviews
Article on performing security code reviews, one to read when I get a chance.

Cool Interviews with great programmers

Sztywny Blog - Stiff asks, great programmers answer
Very interesting answers...