Results for force-secure

A cross-platform clipboard syncer

Force the secure bit of a cookie depending on whether your connection is secure

The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

Grant is a Ruby gem and Rails plugin that forces you to make explicit security decisions about the operations performed on your ActiveRecord models.

Login and logout management with secure "remember me" capabilities and complete session control. You can even force a user to logout!

This gem provides a simple way to download report data from salesforce.com. It works well with any ruby applications, include such as Ruby on Rails.You can access salesfore.com using only your sales force login id (=email) and password. A security token is no need.

Rails Security Shield is a comprehensive, Rails-native security engine designed to provide multi-layered protection for modern web applications. It actively defends against common threats by integrating a powerful Web Application Firewall (WAF) to block attacks like SQLi and XSS, an advanced bot detection system using JavaScript challenges and honeypots, and robust account takeover prevention to stop brute-force and credential stuffing attacks. Built as a mountable Rails Engine, it leverages core framework features like ActiveJob and Rails.cache to ensure high performance and minimal external dependencies. It includes a real-time dashboard for monitoring security events, giving you immediate insight into the threats your application faces. Drop it in, configure it, and get enterprise-grade security that feels like a natural extension of Rails.

Enigma is a lightweight Ruby gem designed to verify passwords hashed using Firebase's custom scrypt-based algorithm, making it ideal for seamless integrations and migrations involving Firebase authentication systems. It provides a secure, efficient way to compare a user-provided password against a stored hash without exposing sensitive details, ensuring constant-time comparisons to mitigate timing attacks. Key features include: - Full compatibility with Firebase Authentication's password hashing logic, combining scrypt with AES-256-CTR encryption for signing. - Configurable parameters for scrypt (rounds, memory cost), signer keys, and salt separators. - Secure practices using OpenSSL's fixed-length comparisons. - Support for custom logging, with easy integration into Rails or other frameworks. - Minimal dependencies, relying on the 'scrypt' gem alongside Ruby's standard library. A common use case is migrating users from Firebase to systems like Devise in Ruby on Rails. During migration, extract the user's base64-encoded salt and stored hash from Firebase, then use Enigma to verify the input password. If it matches, set the raw password in Devise to generate a new hash, avoiding forced resets and ensuring a smooth transition. Whether for custom auth systems, password audits, or hybrid setups, Enigma simplifies secure verification while prioritizing ease of use.

= The Owasp ESAPI Ruby project == Introduction The Owasp ESAPI Ruby is a port for outstanding release quality Owasp ESAPI project to the Ruby programming language. Ruby is now a famous programming language due to its Rails framework developed by David Heinemeier Hansson (http://twitter.com/dhh) that simplify the creation of a web application using a convention over configuration approach to simplify programmers' life. Despite Rails diffusion, there are a lot of Web framework out there that allow people to write web apps in Ruby (merb, sinatra, vintage) [http://accidentaltechnologist.com/ruby/10-alternative-ruby-web-frameworks/]. Owasp Esapi Ruby wants to bring all Ruby deevelopers a gem full of Secure APIs they can use whatever the framework they choose. == Why supporting only Ruby 1.9.2 and beyond? The OWASP Esapi Ruby gem will require at least version 1.9.2 of Ruby interpreter to make sure to have full advantages of the newer language APIs. In particular version 1.9.2 introduces radical changes in the following areas: === Regular expression engine (to be written) === UTF-8 support Unicode support in 1.9.2 is much better and provides better support for character set encoding/decoding * All strings have an additional chunk of info attached: Encoding * String#size takes encoding into account – returns the encoded character count * You can get the raw datasize * Indexed access is by encoded data – characters, not bytes * You can change encoding by force but it doesn’t convert the data === Dates and Time From "Programming Ruby 1.9" "As of Ruby 1.9.2, the range of dates that can be represented is no longer limited by the under- lying operating system’s time representation (so there’s no year 2038 problem). As a result, the year passed to the methods gm, local, new, mktime, and utc must now include the century—a year of 90 now represents 90 and not 1990." == Roadmap Please see ChangeLog file. == Note on Patches/Pull Requests * Fork the project. * Create documentation with rake yard task * Make your feature addition or bug fix. * Add tests for it. This is important so I don't break it in a future version unintentionally. * Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull) * Send me a pull request. Bonus points for topic branches. == Copyright Copyright (c) 2011 the OWASP Foundation. See LICENSE for details.

No description provided.

No description provided.

No description provided.