When you transfer your latest app to a production server and open it up to the globe, you are extremely throwing your app to the elements - smart and unhealthy. If you do not pay any attention to security whatever, you are possible to fall foul of some cracker's villainous theme and your users are protestant when something does not work or they are being spammed with pots of gold to share. however what to do?
There are some precautions to be taken while before launching any application. Our ROR developers in India pay attention to the following points for security:
- Some attributes should be uneditable, it will only be read-only
- For security updates and patches dependencies will be check.
- For user-equipped URLs avoids redirection.
- Beware of mass assignments.
- Avoid using user params or content within the send_file technique.
- All non-ActionController methods make private.
- Avoid storing the password in the database.
- Filter sensitive parameters from the logs.
- Pay attention to CSRF (Cross-Site Request Forgery) and use protect_from_forgery and csrf_meta_tag.
- Pay attention to XSS (Cross-Site Scripting) and use the h helper in views
- Don't trust logged-in users.