Reputation: 14504
Best practice security measures for an enterprise Rails app?
What security measures should a Rails enterprise app have?
Examples of few security measures:
Admin area authenticated and IP restricted
No User added CSS, because of some old browsers can run JavaScript in CSS
Should User information in database be encrypted?
Upvotes: 1
Views: 1088
Answers (2)
Reputation: 3523
There are a lot of essential security precautions such as a strong authentication system, validating user input to mitigate XSS and SQL injection attacks and escaping HTML at the views.
You can find information about common Ruby on Rails application vulnerabilities and their countermeasures at the Zen Rails Security Checklist.
Upvotes: 0
Reputation: 9752
I would suggest looking over the Rails Security Guide which should go over the common pitfalls that you would usually encounter. Also check out the additional resources that they list on the guide:
The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:
- The Ruby on Rails security project posts security news regularly: http://www.rorsecurity.info
- Subscribe to the Rails security mailing list
- Keep up to date on the other application layers (they have a weekly newsletter, too)
- A good security blog including the Cross-Site scripting Cheat Sheet
Upvotes: 4
Related Questions
- where to put secure passwords/keys in a rails app?
- What are the best practices for authorization?
- Rails Overall Architecture Best Practices
- Rails Production Environment
- Securing Local Development Ruby on Rails
- Rails security concerns
- How to implement security in Rails 3?
- Rails security on production server
- Capistrano security best practice
- What are all the security measures I should check over before deploying my Rails application?