Security notes
wvengen edited this page Dec 22, 2013 · 3 revisions
Web programming can be tricky - there are many ways in which attackers can find holes in a system, and the application is accessible to anyone on the web. Rails has a number of defaults to mitigate this, but as a developer you still need to be aware of them.
Some notes and links.
- Rails security guide (Rails guide)
- Rails cheat sheet at OWASP
- Rails insecure defaults (2013)
- Don't pass arbitrary URLs to `redirect_to`
- Don't put config in code - not the `secret_token` (we do now)
- Brakeman security scanner for Rails source code