Ruby On Rails Security Guide - b-man
http://guides.rubyonrails.org/security.html

======
Groxx
A very nice list. Readable, explanatory, and _full_ of good suggestions.
Almost all focused on session / injection / xss attacks, but that's probably
the biggest threat you've got. I wish I'd seen it sooner; _most_ I've seen
before, but the regex one in particular was new to me, and it really only
takes _one_, doesn't it?

Anyone know of anything notable they missed? I'd love to know, and it could be
useful to get it added to the list too.

------
greenlblue
The regular expression surprised me. I'm really used to using ^$ in php and it
works as intended but apparently in Ruby the correct delimiters are \A\z.

~~~
bodhi
^ and $ also work.
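
The anchor behaviour discussed above, as an added example that is not from the thread or the Rails guide: in Ruby, `^` and `$` match at line boundaries, so a value containing a newline can pass a check that was meant to cover the whole string, while `\A` and `\z` anchor the entire string. The patterns and sample inputs below are constructed for illustration.

```ruby
# Added example: why the Rails Security Guide recommends \A and \z over ^ and $.
# In Ruby, ^ and $ match at the start/end of any *line* (like PCRE with the /m
# flag), so a multi-line value can satisfy a "whole string" check on one line.
# \A anchors to the start of the string and \z to its absolute end.
# (\Z, capital, would still allow a single trailing newline.)

LINE_ANCHORED   = /^https?:\/\/[^\n]+$/i    # line-anchored: weak in Ruby
STRING_ANCHORED = /\Ahttps?:\/\/[^\n]+\z/i  # string-anchored: what the guide recommends

# True if the whole value is a single http(s) URL under the given pattern.
def valid_url?(value, pattern)
  pattern.match?(value)
end

# Allow-list style check for a redirect target: anything that is not a single
# URL falls back to the site root.
def safe_redirect_target(value)
  valid_url?(value, STRING_ANCHORED) ? value : "/"
end

# Constructed sample inputs (not real data).
SINGLE_LINE      = "http://example.com/path"
MULTI_LINE       = "not-a-url\nhttp://example.com/path"  # URL on the second line only
TRAILING_NEWLINE = "http://example.com/path\n"           # newline smuggled at the end

if __FILE__ == $0
  puts "line-anchored   accepts multi-line:      #{valid_url?(MULTI_LINE, LINE_ANCHORED)}"        # true
  puts "string-anchored accepts multi-line:      #{valid_url?(MULTI_LINE, STRING_ANCHORED)}"      # false
  puts "line-anchored   accepts trailing newline: #{valid_url?(TRAILING_NEWLINE, LINE_ANCHORED)}" # true
  puts "string-anchored accepts trailing newline: #{valid_url?(TRAILING_NEWLINE, STRING_ANCHORED)}" # false
  puts "redirect target for multi-line input:    #{safe_redirect_target(MULTI_LINE)}"            # "/"
end
```

Since Rails 4, `validates_format_of` raises an error when given a pattern with `^` or `$` anchors unless `multiline: true` is passed explicitly, which catches the weak form at model load time.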

------
davcro
One of my rails apps was hijacked via xss injection last week. I wish I had
read this guide sooner. I highly recommend it for any rails admin.

------
jim_h
Thanks. I've read this before, but it's always good to reread it.