We have a site that receives about 30,000 uniques per month.  Lately, we
have been hit with URLs that are hundreds of characters long with all
sorts of junk in the URL/parameters.  I suspect this is an attempt at
session hijacking or something similar.  At a minimum, it fills up our
log files and generates undesirable email alerts.

I began reading up on Rails security here:
http://guides.rails.info/security.html and also looking into stuff like
http://www.hoptoadapp.com/welcome.

My question here is: what is a good way to validate "params" in rails
apps to handle SQL injections, etc.?

I'm considering writing some common routines to validate the param type,
min/max length, detect SQL keywords, etc. but didn't want to reinvent
the wheel if there is already stuff out there (e.g. plugins).

Thanks in advance.
-- 
Posted via http://www.ruby-forum.com/.
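The post above asks how to validate "params" against SQL injection and whether a home-grown routine that checks type, length and SQL keywords is the right approach. The following is an added example written for this page, not code from the original post or from Rails itself. It shows the two pieces a practitioner would actually want: a whitelist validator that drops unknown keys, caps the overall query-string length (which also deals with the oversized junk URLs mentioned) and enforces per-field type and length; and, separately, SQL built with bind placeholders instead of string interpolation. The `PARAM_SCHEMA` table and the `quote`/`bind` helpers are assumptions for illustration (they imitate what an ActiveRecord adapter does when you write `:conditions => ["name = ?", name]`); the `SQL_KEYWORDS` blacklist is included only to show why keyword detection is the wrong tool. Plain Ruby, no Rails or database needed.

```ruby
require 'uri'

# Whitelist of permitted params; anything not listed here is discarded.
# (Constructed schema for illustration, not part of the original post.)
PARAM_SCHEMA = {
  'id'   => { type: :integer, max: 10 },
  'q'    => { type: :string,  max: 64 },
  'page' => { type: :integer, max: 4 }
}.freeze

# Overall cap on the raw query string; oversized requests are rejected
# before any per-field work (or logging of the junk) is done.
MAX_QUERY_STRING = 512

class BadRequest < StandardError; end

# Parse a raw query string, enforce the overall length cap, then keep only
# whitelisted keys, each checked against its declared type and max length.
# Returns a plain Hash of validated, type-coerced values.
def validate_params(query_string, schema = PARAM_SCHEMA)
  raise BadRequest, 'query string too long' if query_string.length > MAX_QUERY_STRING
  begin
    pairs = URI.decode_www_form(query_string)   # handles %XX and '+' decoding
  rescue ArgumentError => e
    raise BadRequest, "malformed query string: #{e.message}"
  end
  pairs.each_with_object({}) do |(key, value), out|
    rule = schema[key]
    next unless rule                            # unknown key: drop it
    next if out.key?(key)                       # first value wins; ignore repeats
    raise BadRequest, "#{key} too long" if value.length > rule[:max]
    out[key] =
      case rule[:type]
      when :integer
        raise BadRequest, "#{key} must be an integer" unless value.match?(/\A\d+\z/)
        value.to_i
      when :string
        raise BadRequest, "#{key} contains control characters" if value.match?(/[[:cntrl:]]/)
        value
      end
  end
end

# --- SQL construction -------------------------------------------------------

# Vulnerable: the value is interpolated straight into the statement, so a
# quote character in the input changes the structure of the query.
def find_user_sql_unsafe(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Quote one value the way a SQL adapter does (embedded quotes doubled).
# This imitates ActiveRecord's quoting for illustration only; in a Rails
# app pass the value as a bind parameter and let the adapter quote it.
def quote(value)
  case value
  when Integer then value.to_s
  when nil     then 'NULL'
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Substitute each ? placeholder with its quoted bind value, left to right.
# gsub never rescans replacement text, so a ? inside a value is harmless.
def bind(sql, *values)
  unless sql.count('?') == values.length
    raise ArgumentError, 'placeholder/value count mismatch'
  end
  i = -1
  sql.gsub('?') { quote(values[i += 1]) }
end

# Safe: same query, value passed as a bind parameter. Validation above does
# not replace this step; it only limits what reaches it.
def find_user_sql_safe(name)
  bind('SELECT * FROM users WHERE name = ?', name)
end

# A SQL-keyword blacklist, included only to show why it is the wrong tool:
# it rejects harmless input ("Select Comfort") and misses payloads that use
# no keyword at all (string concatenation such as x'||'y).
SQL_KEYWORDS = /\b(select|union|insert|update|delete|drop|or|and)\b/i

def looks_like_sql?(value)
  value.match?(SQL_KEYWORDS)
end
```

In a Rails controller the equivalent of `find_user_sql_safe` is `User.find(:all, :conditions => ["name = ?", params[:q]])` (or a hash condition), which the adapter quotes for you; `validate_params` is the part worth writing yourself, and its job is to reject the request early and cheaply, not to guess which strings "look like" SQL.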
