Hello frnds
Is there a way out by which we can determine that a site is made in RoR? like looking @ the source code or some other method....that we adopt for other techs like php...
Thanks a lot
dhaval parikh
No other framework provides 404.html at the root so if you find http://example.com/4004.html and http://example.com/500.html be assured that it's ROR. Also the URL at the top can indicate too.
If you look at the form and see person[name] then it's ROR.
Do a curl call to the the URL. In the response you can see come of the Information like server, Content type etc etc. If the server is mongrel , its definitely RoR.
Raj Singh wrote:
No other framework provides 404.html at the root so if you find http://example.com/4004.htmlandhttp://example.com/500.htmlbe assured that it's ROR. Also the URL at the top can indicate too.
If you look at the form and see person[name] then it's ROR.
thanks a lot but i think there should be some concrete way out...to
find the same..as url can be made to look like ror even in php applications(url aliasing)Do a curl call to the the URL. In the response you can see come of the Information like server, Content type etc etc. If the server is mongrel , its definitely RoR.
or merb, or nitro or camping etc... Mongrel most commonly hides behind
some sort of load balancer anyway
I doubt there is a foolproof way of doing this (especially if the
person running the server wants to make it look like rails isn't being
used)
Fred
Frederick Cheung wrote:
append
/images/rails.png
to the url is a "not certain" yet optional way to check
s
Nobody’s asked this yes, so I will: why does it matter what something’s written in? Is there something you want to hack? Do you want to hide Rails from the bosses? I’m just interested, that’s all.
Brian Hogan wrote:
Nobody's asked this yes, so I will: why does it matter what something's written in? Is there something you want to hack? Do you want to hide Rails from the bosses? I'm just interested, that's all.
Well basically being in the field of technology i would certainly like to know that a particular thing is made using wat technology....as thru that we can come to know that what is new thing in market....what r people and companies doing and y in terms of technology....
so I feel that knowing about the fact that the site is made using wat tech is an important aspect for all tech ppl...we can even come to know that wat features can be made using with language..and find out the adv of using one instead of other..also its a matter of pride that being working in one particular lang and when big ppl/companies make their sites using that lang u can visualize the future of it..
Its something to boast about and gives u a confidence of working in the same..
Again wat i have written is wat i feel...
thanks
There are sites out there that make an educated guess on the underlying framework (i don’t recall the url and can’t seem to find it in a hurry), but it’s always an educated guess.
Examples:
http://mydomain.com/contacts;addresses/ will probably be a Rails 1.2 RESTful routes app
http://mydomain.com/javascripts/application.js?15454365 will probably be a Rails app too
There are some indicators on which language/framework has been used and the more can be found in one page, the more probably it will be to guess the technology used. But it is and stays an educated guess in the end.
Best regards
Peter De Berdt
I had this same thought, and wondered if anything like wordpress' meta tag existed for rails <meta name="generator" content="Rails1.2.3" />.
previous discussion here - http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/b594be4b937d7e01/dbb85644cf293f1f?hl=en#dbb85644cf293f1f
In my opinion, the reason meta tags like that are terrible is that it tells someone what version of something you are using, so they can then see if they can exploit it. I’ve always found it beneficial to hide the technology you’re using.
I realize that the use of the word "hack" here is ambiguous, but.
There are often good security reasons to configure a server so as to hide how it's implemented, particularly when using a widely used framework.
Imagine that someone is trying to exploit a security exposure which has become public. One valuable tool in the evil-doer's kit is to scan sites to find likely victims.
So while there are clues like the server header in http responses, there are also countermeasures such as configuring a stack component (e.g. Apache) to either withhold or obfuscate them. And security conscious sites are likely to use these countermeasures.
Wrong. Array-based form elements existed long before Rails did.
