Section 9: Security

9.1 Mongrel’s Security Design

Back in the evil dark days of the WWW it was believed that a Web server should bend over backwards to accommodate any client written by anyone at any time no matter what the quality. For this reason most Web servers will allow nearly any malicious payload you send at them to pass right on through to your applications and network. Typically the only way to protect yourself is to create a blacklist[17]of known attacks and block them with special security tools.

Mongrel takes a more proactive and strict approach to Web server security. As an example, Mongrel’s HTTP processing is handled by a parser that has strict grammar specifications and exact size limits on all elements. Turns out if you simply ...

Get Mongrel: Serving, Deploying, and Extending Your Ruby Applications now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.