Security

HTTPS: Is your URL string secure over SSL?

Given the sensitivity of the customer data stored in Gemfury, security is always on our mind. And with a renewed community focus on Rails security, I hope that our new Gemfury Security Series of articles will help ease your mind about using and building cloud services. Since we’ve introduced the Secure-Token-URL as the private Gem source, we’ve heard concerns about the security of putting a secret in the URL. Some have stated that our attempt at claiming “security” is bogus, and that your account can be easily exposed by sniffing the connection URL despite SSL.