
security

    Pay more attention to security

    22 Mar 2013

    Richard Huang

    Recently we saw Rails expose some security issues: GitHub was attacked and rubygems.org crashed. These all remind us that we must pay more attention to security in our Rails projects.



    Protect mass assignment

    06 Mar 2012

    Richard Huang

    The Rails mass assignment feature is really useful, but it can be a security issue: it allows an attacker to set any model attributes, including ones you may not expect. To avoid this, we should add attr_accessible or attr_protected to all models.
