Rails Security: Secure your Ruby on Rails web application
Ruby on Rails is a great Ruby framework for rapid development of web applications.
But a default Rails setup comes with some (in)security features that must be hardened and fixed.
And many of the how-tos and tutorials on the internet that promise a "website in 5 minutes" help people write insecure code.
Some examples:
File permissions: a default Rails installation comes with lax file permissions, so every local user can read the DB config and every local user can read and write the log files.
Sessions: sessions do not expire on the server side.
Validate input: user input must be properly validated to avoid SQL injection and XSS.
Escape output: remember to use html_escape whenever you display user-supplied data.
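The four items above as a small runnable illustration. This is an added example written for this post, not code from the original article or from Rails itself; it uses only Ruby's standard library so it runs without Rails, and the file paths, the 30-minute session lifetime and the helper names (audit_permissions, ServerSession, valid_id?, safe_html) are assumptions chosen for the demonstration.

```ruby
# Added example (not from the original post): plain-Ruby checks for the four
# items listed above. Only the standard library is used so it runs without
# Rails; paths, lifetimes and helper names are assumptions for illustration.
require 'erb'
require 'tmpdir'

# 1. File permissions: database.yml must not be world-readable and log files
#    must not be world-writable. Returns a list of findings (empty when clean).
def audit_permissions(db_config_path, log_paths)
  findings = []
  mode = File.stat(db_config_path).mode & 0o777
  findings << "#{db_config_path}: world-readable (#{format('%o', mode)})" if mode & 0o004 != 0
  log_paths.each do |log|
    mode = File.stat(log).mode & 0o777
    findings << "#{log}: world-writable (#{format('%o', mode)})" if mode & 0o002 != 0
  end
  findings
end

# 2. Server-side session expiry: the server records when the session was
#    created and refuses it after MAX_AGE, whatever the client's cookie says.
class ServerSession
  MAX_AGE = 30 * 60 # 30 minutes; an assumed lifetime

  attr_reader :user_id, :created_at

  def initialize(user_id, created_at: Time.now)
    @user_id = user_id
    @created_at = created_at
  end

  # `now` is injectable so the expiry rule can be exercised deterministically.
  def valid?(now: Time.now)
    now - @created_at < MAX_AGE
  end
end

# 3. Input validation: accept only what the route really expects. An id is a
#    positive integer; anything else is rejected before it reaches a query.
def valid_id?(value)
  value.is_a?(String) && value.match?(/\A[1-9]\d*\z/)
end

# 4. Output escaping: Rails' h helper is built on ERB::Util.html_escape, which
#    turns &, <, >, " and ' into entities so user data cannot become markup.
def safe_html(user_input)
  ERB::Util.html_escape(user_input)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    db  = File.join(dir, 'database.yml')
    log = File.join(dir, 'production.log')
    File.write(db, 'password: constructed-sample-value')
    File.write(log, '')
    File.chmod(0o644, db)   # the lax defaults described above
    File.chmod(0o666, log)
    puts audit_permissions(db, [log])
    File.chmod(0o600, db)   # hardened
    File.chmod(0o640, log)
    puts(audit_permissions(db, [log]).empty? ? 'permissions ok' : 'still lax')
  end
  puts safe_html('<script>alert(1)</script>')
end
```

The permission audit reads the mode bits directly, so it works the same whether the files were created by Rails, a deployment script or by hand; the session check keeps the authoritative timestamp on the server, which is the part a client-side cookie expiry cannot provide.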
Here are some links to secure your Rails installation and protect your web application from SQL injection, XSS and other attacks.
Links:
- About “Securing your Rails application”
- BSD Rails
- Avoiding SQL injection and XSS in your Ruby on Rails application
- Preventing XSS Attacks in your Rails Application
- XSS Countermeasures
- Migrations have got to be one of the coolest aspects of ActiveRecord
- Securing your Rails environment
- Web Security With Ingress Filtering
- Secure UTF-8 Input in Rails