Ruby on Rails Security Guide

The following are Ruby on Rails security best practices. CSRF and XSS are the most important ones:


1) CSRF –

2) XSS –

3) Protection flags on cookies –

4) Filter parameter logging –

Scrub sensitive parameters from your log

When a user logs in, Rails writes the request parameters to the log, so the submitted password appears there in plain text. Anyone with access to the log can then read users' passwords. To avoid this, tell Rails to filter the parameter: in Rails 2 add filter_parameter_logging :password to ApplicationController; in Rails 3 and later the same setting lives in config/initializers/filter_parameter_logging.rb as config.filter_parameters += [:password]. After this the log shows "password" => "[FILTERED]" instead of the value. Two points worth knowing: the match is a case-insensitive substring match on the parameter name, so :password also covers password_confirmation, and the filter only applies to the parameters line Rails itself writes. Anything the application logs by hand, for example logger.info(params.inspect), is still unfiltered.