- Force SSL for Rails
- Switch to encrypted_cookie_store
- Set session expire_after to 10 minutes
- Make sure that protect_from_forgery is set.
- Make sure passenger & nginx run as nobody or a less privileged user.
- Double check uploads to make sure they handle relative paths.
- Use attr_accessible where it makes sense
- Filter all sensitive info from logs
- Audit regular expressions
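The upload item above, as an added example that is not part of the gist: a plain-Ruby check that confines a client-supplied filename to one upload directory. `UPLOAD_ROOT` and `safe_upload_path` are assumed names, and the directory is a constructed value.

```ruby
# Constructed example path (not from the gist): uploads may only land here.
UPLOAD_ROOT = File.expand_path("/srv/app/uploads")

# Returns the absolute destination for a client-supplied filename, or nil when
# the name cannot be stored safely. Defence in layers: reject null bytes, keep
# only the last path component, join under the root with File.join (so a
# leading "~" is not home-directory expanded), then confirm the normalised
# result is still inside the root.
def safe_upload_path(client_filename, root = UPLOAD_ROOT)
  return nil if client_filename.nil?

  name = client_filename.to_s
  # A null byte would truncate the name at the OS level ("evil.rb\0.png").
  return nil if name.empty? || name.include?("\0")

  # Treat backslashes as separators too, then drop any directory part:
  # "../../etc/passwd" and "C:\\..\\x.rb" both reduce to a bare basename.
  base = File.basename(name.tr("\\", "/"))
  return nil if base.empty? || base == "." || base == ".."

  # Join first, then normalise; do not pass the user string to expand_path
  # directly, because expand_path interprets a leading "~".
  dest = File.expand_path(File.join(root, base))
  return nil unless dest.start_with?(root + File::SEPARATOR)

  dest
end
```
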
Created September 17, 2012 18:46
Rails Security Best Practices