All SSL, all the time, is pretty much a standard for anyone with authenticated traffic. HSTS provides this in a way that is much better than simply redirecting non-SSL requests (which really doesn't add much protection anyways).
What would be the correct place for this? It could be argued that it should be set in session_hijacking.rb but that's not my call :)
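
For reference, the header discussed in the request above can be set from a small Rack-style middleware. This is an added example, not code from the original post or from the project; the class name `StrictTransport`, its options, the default max-age and the `hsts_for` helper are assumptions made for illustration.

```ruby
# Added example: plain Rack-compatible middleware, no gems required.
# Names, options and the default max-age (one year) are assumptions.
class StrictTransport
  HEADER = 'Strict-Transport-Security'.freeze

  def initialize(app, max_age: 31_536_000, include_subdomains: false)
    unless max_age.is_a?(Integer) && max_age >= 0
      raise ArgumentError, 'max_age must be a non-negative integer'
    end
    @app = app
    @value = "max-age=#{max_age}"
    @value += '; includeSubDomains' if include_subdomains
  end

  def call(env)
    status, headers, body = @app.call(env)
    # RFC 6797: the header must not be sent over plain HTTP, and browsers
    # ignore it there. Also keep any policy the wrapped app already set.
    if secure?(env) && headers.keys.none? { |k| k.casecmp?(HEADER) }
      headers = headers.merge(HEADER => @value)
    end
    [status, headers, body]
  end

  private

  # A request counts as secure when the server reports an https scheme.
  def secure?(env)
    env['rack.url_scheme'] == 'https' || env['HTTPS'] == 'on'
  end
end

# Constructed helper: run a stub app through the middleware and return
# the HSTS value of the response (nil when the header is absent).
def hsts_for(env, app_headers = {}, opts = {})
  app = ->(_env) { [200, app_headers.dup, ['ok']] }
  _status, headers, _body = StrictTransport.new(app, **opts).call(env)
  headers.find { |k, _| k.casecmp?(StrictTransport::HEADER) }&.last
end
```

The first HTTP request to a host is still unprotected until the browser has seen the header once over HTTPS, so the redirect stays in place alongside it.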