HTTPS: Is your URL string secure over SSL?
This article has been moved to the Gemfury Dev Center
This article has been moved to the Gemfury Dev Center
Given the sensitivity of the customer data stored in Gemfury, security is always on our mind. And with a renewed community focus on Rails security, I hope that our new Gemfury Security Series of articles will help ease your mind about using and building cloud services.
Since we’ve introduced the Secure-Token-URL as the private Gem source, we’ve heard concerns about the security of putting a secret in the URL. Some have stated that our attempt at claiming “security” is bogus, and that your account can be easily exposed by sniffing the connection URL despite SSL. This is not true!
…