

Rack-webconsole: a Ruby/Rails console inside your browser - rohitarondekar
http://blog.codegram.com/2011/7/rack-webconsole-a-rubyrails-console-inside-your-browser

======
txus
On the CSRF concern, which is totally valid, I've pushed a patch. From version
0.0.5 it uses a token to prevent this kind of attack.

[https://github.com/codegram/rack-webconsole/commit/d5060d0e8...](https://github.com/codegram/rack-webconsole/commit/d5060d0e8f69a335fd6c501dfd2d6562ab342a4f)
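The thread's concern, and the shape of a token-based fix, can be shown with a small Rack-style middleware. The following is an added example written for this page; it is not rack-webconsole's code and not the patch linked above. The class name `GuardedConsole`, the `/webconsole` path and the `X-Console-Token` header are hypothetical, and the `console_request` helper builds a minimal Rack env by hand so the block runs without the rack gem. The guard relies on two facts a defender can check: a plain `<img src>`, link or form submission cannot attach custom headers, so demanding the secret in a header stops the image-src vector; and a cross-site `fetch()` carries an `Origin` header for the other host, so an origin check catches a request even if the token leaked.

```ruby
require 'securerandom'
require 'stringio'
require 'json'

# Constructed example: a Rack-style middleware that exposes a Ruby console
# only to requests carrying a per-process secret token. Names are
# hypothetical, not rack-webconsole's own.
class GuardedConsole
  PATH = '/webconsole'

  attr_reader :token

  def initialize(app, token: SecureRandom.hex(32))
    @app = app
    @token = token # generated once per process, never logged or put in a URL
  end

  def call(env)
    return @app.call(env) unless env['PATH_INFO'] == PATH

    case env['REQUEST_METHOD']
    when 'GET'  then serve_page            # HTML with the token; other origins cannot read it
    when 'POST' then execute(env)          # runs code only with token and same-origin Origin
    else text(405, 'method not allowed')
    end
  end

  private

  # The page that legitimately uses the console. An attacker's site can make a
  # browser fetch this, but the same-origin policy stops it reading the body,
  # so the token it contains stays secret.
  def serve_page
    html = "<script>window.CONSOLE_TOKEN=#{JSON.generate(@token)};</script>"
    [200, { 'Content-Type' => 'text/html' }, [html]]
  end

  def execute(env)
    # 1. Token in a custom header: <img>, <a> and <form> cannot set one.
    presented = env['HTTP_X_CONSOLE_TOKEN'].to_s
    return text(403, 'bad token') unless secure_compare(presented, @token)

    # 2. Origin check: a cross-site fetch() announces its origin; reject it.
    origin = env['HTTP_ORIGIN']
    expected = "#{env['rack.url_scheme'] || 'http'}://#{env['HTTP_HOST']}"
    return text(403, 'cross-origin request') if origin && origin != expected

    code = env['rack.input'].read
    result = eval(code, TOPLEVEL_BINDING) # the dangerous action the guard protects
    [200, { 'Content-Type' => 'application/json' }, [JSON.generate('result' => result.inspect)]]
  rescue StandardError, SyntaxError => e
    [200, { 'Content-Type' => 'application/json' }, [JSON.generate('error' => "#{e.class}: #{e.message}")]]
  end

  def text(status, msg)
    [status, { 'Content-Type' => 'text/plain' }, [msg]]
  end

  # Constant-time comparison so the token cannot be guessed byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Builds a minimal Rack env for the demo (constructed, not captured traffic).
def console_request(method, body: '', headers: {})
  {
    'REQUEST_METHOD' => method,
    'PATH_INFO' => GuardedConsole::PATH,
    'HTTP_HOST' => 'localhost:3000',
    'rack.url_scheme' => 'http',
    'rack.input' => StringIO.new(body)
  }.merge(headers)
end

if __FILE__ == $PROGRAM_NAME
  app = GuardedConsole.new(->(_env) { [200, {}, ['app']] })
  # Requests a third-party page could cause a developer's browser to send:
  p app.call(console_request('GET'))[0]               # 200, body readable same-origin only
  p app.call(console_request('POST', body: '1+1'))[0] # 403: no token
  # The legitimate console page, which holds the token:
  ok = app.call(console_request('POST', body: '1+1',
                                headers: { 'HTTP_X_CONSOLE_TOKEN' => app.token,
                                           'HTTP_ORIGIN' => 'http://localhost:3000' }))
  p JSON.parse(ok[2].first)                           # {"result"=>"2"}
end
```

The token here is per process, which is enough for a single developer's machine; the separate Origin check costs one comparison and still holds if the token is ever exposed, for example by a page that logs `window.CONSOLE_TOKEN`. Neither check changes the thread's larger point: the middleware must only ever be mounted in the development environment.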

------
patio11
This is a very bad idea.

~~~
txus
It is meant for development environments only. Nobody would risk putting a
Ruby console in production :)

In fact, when using it with Rails, it is loaded only in the development
environment. With other frameworks you should take care of which middlewares
you use in which environment.

~~~
patio11
I would think long and hard about whether giving code execution privileges on
your local machine to anyone who can convince you to click on a link is a good
idea. Actually, this should not be either long or hard.

Edit to add: You don't even need to click on the link, you just need to view
an image whose src I can manipulate. Ugh. Seriously: do not install on any
environment anywhere.

~~~
nicholaides
Can you expand on this? What's the risk? What's the attack vector?

~~~
ciupicri
I think he's saying that someone can make you open a web page that includes an
image with the proper src attribute and bang, your Rails site is broken.

~~~
tptacek
More likely, your whole data center.

~~~
sabat
Hyperbolic.

~~~
tptacek
I know you've been a dev/ops guy for 20 years and I respect the fact that your
development machines are sealed in vaults, but I've gotten to assess more than
half of the top 10 biggest Rails apps in the world over the past couple of
years and trust me, you're just wrong about this. Development machines are
within reach of developer browsers. Database machines are within reach of
development machines.

------
damoncali
Nice way to introduce Rack. Much better than the usual hello world.

I wouldn't use it for obvious reasons, but I like the demo.

------
masylum
Cool! Firebug for the frontend, rack-webconsole for the backend.

------
mef
Reading the headline, I was hoping this was a ruby-debug console in the
localhost browser for the current request. Perhaps that can be shoehorned into
rack-webconsole?

~~~
cldwalker
You'd probably be interested in <https://github.com/ryanb/enlighten>

------
jrom
I think this is a pretty cool tool, for both development/staging and also for
production in a very restricted way. Every site has some kind of admin panel.
I see this like a phpMyAdmin on asteroids for rack apps.

Definitely interesting.

~~~
mtogo
_I see this like a phpMyAdmin on asteroids for rack apps._

Dear christ, please do not ever put this near production.

------
ghayes
It's sweet to see internet browsers opening up for development within
themselves. We can surely do this securely with some amount of effort. I'd
love to see a world without the need for Eclipse / Aptana.

------
hemancuso
This seems like a boon for anyone trying to develop and debug issues on Heroku.

