CSC/ECE 517 Fall 2014/ch1a 23 ss
Security Features in Rails 4.x
This wiki aims to highlight all the security features in a popular web application framework: Rails 4.x
Threats Against Web Applications
The threats against web applications include
user account hijacking
bypass of access control
reading or modifying sensitive data
presenting fraudulent content
Trojan horse
Security Enhancements
CSRF via Leaky #match Routes
Regular Expression Anchors in Format Validations
Clickjacking
User-Readable Sessions
Unresolved Issues
Verbose Servers Headers
Binding to 0.0.0.0
Versioned Secret Tokens
Logging Values in SQL statements
Offsite Redirects
Reference
http://blog.codeclimate.com/blog/2013/03/27/rails-insecure-defaults/