Hacker Newsnew | comments | show | ask | jobs | submit login

There is zero chance that someone who believes they are getting security out of hosting on Heroku and using Rails (because it has force_ssl and protect_from_forgery) is going to build a secure trading application.

I admire the ambition and for this stage of his career he's obviously cleared the bar, but it's also good for him to learn that in the real world security isn't graded on a curve, and people with more time and experience than him have failed to secure Rails apps.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact