
Link Love - October 24

Security oversights & more

For today's link love, I want to showcase a little security oversight that gives me a chuckle.

In a ruby on rails app, there is a yml file that declares all the database connection info. It is typically stored at /config/database.yml. Now if a rails app is properly set up, this config directory is never publicly accessible.

But some people are idiots, as we all know.

Bonus points go out to the person who can figure out the google query that turns up database.yml files :)


OK, that was fun. What else do we have here today......


Going one step beyond the View Source Tool I linked to yesterday, today I want to show you the SEO Text Browser. This little tool returns some salient SEO information for the target URL plus its content. Annnnnnnd.....wait for it.......it follows redirects.


DabbleDB is really cool. I used to work with a lovely young lady whose partner is one of the lead guys on that project. Last I heard they were digging around for some VC funding...I don't know if they ever got it, but regardless, DabbleDB is very very cool. This project is pretty groundbreaking in my opinion, and has serious implications for the way data is stored, gathered, and shared on the intertube.

Check out this DabbleDB application of XSS Vectors


There's your link love for the day! Enjoy!

--Rob

Comments:
Name: nadav
Comment:

-"View source" -intitle:browsing inurl:config/database.yml -inurl:svn -inurl:trunk -inurl:example filetype:yml "adapter:" "database:" "host:" "username:" "password:"

You can try to play with it to get more results... I tried to remove all these svn, most of them don't have a password in them.

enjoy


Name: Rob
Comment: Nice job man! Thanks for sharing.