I've recently deployed my first app and although I don't think I've done too much wrong I'm acutely aware of the importance of security. I'm sure people here are also. I'd be interested in learning more and as such I thought I'd start a thread on the top five security mistakes (or gotchas I suppose) made by people, or just any pointers for things to watch out for. Either application based stuff or server configuration tips. I appreciate there are a heck of a lot more than five things, but hey, gotta start somewhere.

In my specific case, my app uses the original acts_as_authenticated plugin as well as the file_column plugin (allows people to upload images). I'm hosted on joyent shared hosting (aka textdrive).

Top 5 security mistakes when deploying a new app.

1) errr, apply special permissions to database.yml
2) ...
3) ...
4) ...
5) ...

Appreciate any tips.

--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
any pointers?

--
Posted via http://www.ruby-forum.com/.
On 14 Jan 2008, at 15:44, bingo bob wrote:

> any pointers?

Well you've cast quite a wide net, and it's always hard to know at what level you're pitching. So I can say 'use h and sanitize where appropriate', but I might be stating the bleeding obvious.

http://www.quarkruby.com/2007/9/20/ruby-on-rails-security-guide has lots of good stuff (but it's not quite up to date, e.g. it warns against using sanitize, recommending white_list instead, but in Rails 2.0 sanitize is white_list).

Fred
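To make Fred's "use h and sanitize where appropriate" concrete, here is an added example that is not part of the thread and not Rails' own code. `h` is implemented with `ERB::Util.html_escape`, which is what the Rails helper delegates to; the `sanitize` below is a constructed allowlist ("white_list"-style) sanitizer written for this illustration, so its tag and attribute lists and its `safe_href?` rule are assumptions, not the behaviour of Rails 2.0's sanitizer. The untrusted input is a constructed sample of what a user might post in a comment body.

```ruby
require 'erb'
require 'cgi'
require 'uri'

# Constructed sample of user-supplied content (e.g. a comment body).
UNTRUSTED = %q{Hello <b>world</b> <script>alert(1)</script> <a href="javascript:alert(1)" onclick="x()">link</a>}

# Equivalent of the Rails `h` helper: escape everything, so markup renders as text.
# Use this wherever the content is meant to be plain text.
def h(text)
  ERB::Util.html_escape(text)
end

# --- Toy allowlist sanitizer (assumed lists; not Rails' sanitize) -------------
# Use something like this only where users are allowed to post limited markup.
ALLOWED_TAGS  = %w[b i em strong p a].freeze
ALLOWED_ATTRS = { 'a' => %w[href] }.freeze      # only <a href> survives
SAFE_SCHEMES  = %w[http https mailto].freeze    # javascript:, data: etc. are dropped

TAG_RE = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>}

# Text between tags: normalise any existing entities, then escape once.
def escape_text(text)
  ERB::Util.html_escape(CGI.unescapeHTML(text))
end

# Accept relative links and the listed schemes; reject anything else or unparsable.
def safe_href?(value)
  uri = URI.parse(value)
  uri.scheme.nil? || SAFE_SCHEMES.include?(uri.scheme.downcase)
rescue URI::InvalidURIError
  false
end

# Re-emit an allowed tag with only its allowlisted, checked attributes.
def rebuild_tag(closing, name, raw_attrs)
  return "</#{name}>" if closing == '/'
  attrs = raw_attrs.scan(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/)
  kept = attrs.select do |key, value|
    ALLOWED_ATTRS.fetch(name, []).include?(key.downcase) &&
      (key.downcase != 'href' || safe_href?(value))
  end
  attr_str = kept.map { |k, v| %( #{k.downcase}="#{ERB::Util.html_escape(v)}") }.join
  "<#{name}#{attr_str}>"
end

# Walk the input: text is escaped, allowed tags are rebuilt, everything else is dropped.
def sanitize(html)
  out = +''
  pos = 0
  html.scan(TAG_RE) do
    m = Regexp.last_match
    out << escape_text(html[pos...m.begin(0)])
    name = m[2].downcase
    out << rebuild_tag(m[1], name, m[3]) if ALLOWED_TAGS.include?(name)
    pos = m.end(0)
  end
  out << escape_text(html[pos..-1])
  out
end

if __FILE__ == $0
  puts "h:        #{h(UNTRUSTED)}"
  puts "sanitize: #{sanitize(UNTRUSTED)}"
end
```

The two helpers answer different questions: `h` is the right call for anything that should never be interpreted as markup (names, titles, search terms), while a sanitizer is for the narrow case where some markup is a feature. Note that even the allowlisted `<a>` keeps its `href` only when the scheme is one you expect; the `onclick` handler and the `javascript:` URL in the sample are both dropped, and the `<script>` element is removed while its text is kept as harmless escaped text.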