Ruby on Rails: Ensuring security is covered in your application
- Set up authentication to verify user access. Devise is a common choice: it hashes passwords with bcrypt, which makes it expensive for an attacker who obtains the stored hashes to compute the original passwords. It also handles password recovery, registration, sign-in tracking, account locking, and so on.
- Use strong parameters to control which data a request may hand to your models: whitelist the attributes you accept, and raise an error when data outside that list comes in.
- Add slugs to URLs so records are identified by a readable name without exposing the record's database id.
- Protect sensitive data, especially login and payment pages, by enforcing HTTPS through the config file and guarding against cross-site scripting (XSS).
- Check for ActiveRecord exceptions and create an exception-handling concern, included above the application controller, that rescues the specific exceptions you expect.
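The strong-parameters bullet, as an added example that is not the post's code: a plain-Ruby model of what `params.require(:user).permit(:email, :name)` does in a controller. The `require_param`, `permit` and `user_params` functions and the request body are constructed here to show the behaviour; in Rails itself, rejecting a request because of extra attributes needs `config.action_controller.action_on_unpermitted_parameters = :raise`, otherwise the extras are dropped.

```ruby
# Added example: a plain-Ruby model of what strong parameters do. It is not
# Rails' ActionController::Parameters; it only mirrors the behaviour the
# controller relies on: require the top-level key, keep only permitted
# attributes, and optionally reject the request when extra attributes arrive.

class ParameterMissing < StandardError; end
class UnpermittedParameters < StandardError; end

# Counterpart of params.require(:user): the key must be present and non-empty.
def require_param(raw, key)
  value = raw[key.to_s] || raw[key.to_sym]
  if value.nil? || (value.respond_to?(:empty?) && value.empty?)
    raise ParameterMissing, "param is missing or the value is empty: #{key}"
  end
  value
end

# Counterpart of .permit(:email, :name). With on_unpermitted: :drop the extra
# keys are discarded (Rails' default, optionally logged); with :raise the whole
# request is rejected, which is what
# config.action_controller.action_on_unpermitted_parameters = :raise does.
def permit(raw, allowed, on_unpermitted: :drop)
  allowed = allowed.map(&:to_s)
  extra = raw.keys.map(&:to_s) - allowed
  if on_unpermitted == :raise && !extra.empty?
    raise UnpermittedParameters, "found unpermitted parameters: #{extra.join(', ')}"
  end
  raw.select { |k, _| allowed.include?(k.to_s) }
end

# What a UsersController#user_params method would do with a request body.
def user_params(request_params, on_unpermitted: :drop)
  permit(require_param(request_params, :user), [:email, :name], on_unpermitted: on_unpermitted)
end

# Constructed request body: a form post that also carries an "admin" attribute
# the form never offered. Without the whitelist it would be mass-assigned.
SAMPLE_REQUEST = {
  "user" => { "email" => "alice@example.com", "name" => "Alice", "admin" => "true" },
  "utf8" => "✓"
}

if __FILE__ == $PROGRAM_NAME
  p user_params(SAMPLE_REQUEST)
  # => {"email"=>"alice@example.com", "name"=>"Alice"}
end
```

Whether to drop or raise is a deployment choice: raising makes tampering visible in error tracking, dropping keeps a client that sends harmless extra fields working; either way the model never sees `admin`.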
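The slug bullet, as an added example (plain Ruby, not the post's code and not a gem such as friendly_id): generating a slug from a title, keeping it unique, and resolving it back to a record so that `/posts/hello-world` replaces `/posts/17`. The `POSTS` table and the function names are constructed for the example.

```ruby
# Added example: slug generation and lookup without exposing the database id.
# Plain Ruby; POSTS is a constructed in-memory stand-in for a posts table.

# Lowercase, replace every run of non-alphanumerics with a hyphen, trim the ends.
def slugify(title)
  slug = title.to_s.downcase.gsub(/[^a-z0-9]+/, "-").gsub(/\A-+|-+\z/, "")
  raise ArgumentError, "title #{title.inspect} yields an empty slug" if slug.empty?
  slug
end

# Keep slugs unique by appending -2, -3, ... when the base is already taken.
def unique_slug(title, taken)
  base = slugify(title)
  return base unless taken.include?(base)
  n = 2
  n += 1 while taken.include?("#{base}-#{n}")
  "#{base}-#{n}"
end

# Constructed stand-in for a posts table, keyed by the id the URL must not reveal.
POSTS = {
  17 => { id: 17, title: "Hello, World!", slug: "hello-world" },
  18 => { id: 18, title: "Hello World",   slug: "hello-world-2" }
}

# Counterpart of Post.find_by(slug: params[:id]); nil when nothing matches,
# so the caller renders a 404 rather than falling back to an id lookup.
def find_post_by_slug(slug)
  POSTS.values.find { |post| post[:slug] == slug }
end

# The slug a new post would receive, given the titles already stored.
def slug_for_new_post(title)
  unique_slug(title, POSTS.values.map { |post| post[:slug] })
end
```

A slug hides the numeric id but is still a guessable identifier, so the lookup should stay scoped to what the caller may see (for example `current_user.posts.find_by(slug: ...)`) rather than relying on the slug alone.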
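The XSS half of the HTTPS/XSS bullet, as an added example that is not the post's code: Rails' ERB views escape `<%= %>` output by default using `ERB::Util.html_escape` from the standard library, and this block shows what that escaping does with a constructed untrusted display name, next to the unescaped interpolation that would be the bug. The function names are constructed for the example.

```ruby
# Added example: output escaping against XSS with Ruby's standard library.
# Rails views apply the same ERB::Util.html_escape automatically; raw(...)
# and .html_safe are the escape hatches that switch it off for a string.
require "erb"

# Constructed untrusted input, e.g. a display name submitted through a signup form.
UNTRUSTED_NAME = "<script>alert(1)</script>"

# The unsafe pattern: untrusted text spliced straight into HTML.
def greeting_unescaped(name)
  "<p>Welcome, #{name}</p>"
end

# The safe pattern: escape at output time, so the browser renders text, not a tag.
def greeting_escaped(name)
  "<p>Welcome, #{ERB::Util.html_escape(name)}</p>"
end

# The same thing through an ERB template, as a Rails view does for you.
GREETING_TEMPLATE = ERB.new("<p>Welcome, <%= ERB::Util.html_escape(name) %></p>")

def render_greeting(name)
  GREETING_TEMPLATE.result_with_hash(name: name)
end

# True when rendered markup still contains a raw tag that came from the input;
# a cheap check to put in a view test for any helper that builds HTML by hand.
def leaks_markup?(html)
  html.include?("<script")
end
```

For the HTTPS half of the same bullet, `config.force_ssl = true` in `config/environments/production.rb` redirects plain HTTP requests to HTTPS, sends an HSTS header, and flags cookies as secure.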
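The exception-concern bullet, as an added example (plain Ruby standing in for `ActiveSupport::Concern` and `rescue_from`, not the post's code): a module included in `ApplicationController` that maps specific exceptions to responses, so every controller below it inherits the handlers. The `RecordNotFound`/`RecordInvalid` classes, the `LOGGED` array, the controllers and the `USERS` table are constructed stand-ins for ActiveRecord, `Rails.logger` and a real app.

```ruby
# Added example: an exception-handling concern above the application controller.
# Plain Ruby; ActiveRecord, the logger and the controllers are stand-ins.

class RecordNotFound < StandardError; end   # stand-in for ActiveRecord::RecordNotFound
class RecordInvalid < StandardError; end    # stand-in for ActiveRecord::RecordInvalid

LOGGED = []  # stand-in for Rails.logger output

module ExceptionHandler
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # rescue_from SomeError, with: :method_name, as in Rails.
    def rescue_from(klass, with:)
      handlers[klass] = with
    end

    # Subclasses start from their parent's table, so handlers declared in
    # ApplicationController apply to every controller beneath it.
    def handlers
      @handlers ||= (superclass.respond_to?(:handlers) ? superclass.handlers.dup : {})
    end
  end

  # Run an action: a registered exception becomes a response, anything else re-raises.
  def with_rescue
    yield
  rescue StandardError => e
    entry = self.class.handlers.find { |klass, _| e.is_a?(klass) }
    raise unless entry
    send(entry.last, e)
  end
end

class ApplicationController
  include ExceptionHandler
  rescue_from RecordNotFound, with: :render_not_found
  rescue_from RecordInvalid,  with: :render_unprocessable

  private

  # Log the detail server-side; the client gets a generic message so internals
  # (model names, the id that was tried) are not disclosed in the response.
  def render_not_found(error)
    LOGGED << "#{error.class}: #{error.message}"
    { status: 404, body: { error: "Record not found" } }
  end

  def render_unprocessable(error)
    LOGGED << "#{error.class}: #{error.message}"
    { status: 422, body: { error: "Invalid data" } }
  end
end

class UsersController < ApplicationController
  USERS = { 1 => { id: 1, name: "Alice" } }  # constructed table

  def show(id)
    with_rescue do
      user = USERS.fetch(id) { raise RecordNotFound, "Couldn't find User with 'id'=#{id}" }
      { status: 200, body: user }
    end
  end
end
```

Keeping the handlers in one concern means a new controller gets the same 404/422 behaviour without repeating rescue blocks, and the generic client message is decided in one place; exceptions not listed there still propagate to the default error page and error tracking.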