Rails Security: Secure your Ruby on Rails web application

Ruby on Rails is a great Ruby framework for rapid development of web applications.
But default Rails comes with some (in)security features that must be hardened and fixed.
And a lot of the how to and tutorials in internet that publish the sponsor “websites in 5 minutes” help people to write insecure code.
Some examples:
File permission: default Rails cames with leak permission, all can read DB config and all can read and write log files.
Sessions: session does not expire server side
Validate input: the input must be properly validated to avoid sql injection and xss
Escape output: rember to use html_escape if you display user input data
Here is some links to secure your Rails installation and secure your web application from sql injections, xss and other stuff.


Tags: , , , , , ,

Leave a Reply