next up previous contents index LPP moodleSYTW moodlepdfruby gemsperldocgithubblogsgoogleetsiiullull-etsii-grado-lpp-1314ull-etsii-grado-stw-1314
Siguiente: Settings disponibles/Available Settings Subir: Fundamentos Anterior: Configuration / Configuración   Índice General   Índice de Materias

Configuring attack protection

Sinatra is using Rack::Protection to defend your application against common, opportunistic attacks.

  1. You can easily disable this behavior (which will open up your application to tons of common vulnerabilities):

    disable :protection

  2. To skip a single defense layer, set protection to an options hash: 

    set :protection, :except => :path_traversal
  3. You can also hand in an array in order to disable a list of protections: 

    set :protection, :except => [:path_traversal, :session_hijacking]
  4. By default, Sinatra will only set up session based protection if :sessions has been enabled.

    Sometimes you want to set up sessions on your own, though.

    In that case you can get it to set up session based protections by passing the :session option: 

    use Rack::Session::Pool
set :protection, :session => true

next up previous contents index LPP moodleSYTW moodlepdfruby gemsperldocgithubblogsgoogleetsiiullull-etsii-grado-lpp-1314ull-etsii-grado-stw-1314
Siguiente: Settings disponibles/Available Settings Subir: Fundamentos Anterior: Configuration / Configuración   Índice General   Índice de Materias
Casiano Rodriguez León 2015-01-07