Rails Security: Secure your Ruby on Rails web application

Ruby on Rails is a great Ruby framework for rapid development of web applications.
But default Rails comes with some (in)security features that must be hardened and fixed.
And a lot of the how to and tutorials in internet that publish the sponsor “websites in 5 minutes” help people to write insecure code.
Some examples:
File permission: default Rails cames with leak permission, all can read DB config and all can read and write log files.
Sessions: session does not expire server side
Validate input: the input must be properly validated to avoid sql injection and xss
Escape output: rember to use html_escape if you display user input data
Here is some links to secure your Rails installation and secure your web application from sql injections, xss and other stuff.


Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.


No comments yet.

Leave a comment