I am putting my first Rails app on the internet. I have read the Rails guide on security and have implemented the points listed in there, but I was interested to hear of anything else?
Also, I currently store my uploads in public/documents. Is this OK? I noticed there is no .htaccess file protecting the directory.
Storing your uploads in a predictable location is a bad idea if you want to keep them a secret. If you don't care about people accessing it then it doesn't matter. Using .htaccess to password protect the directory is a good solution.
You should test your application for vulnerabilities using Acunetix ($$) or Wapiti (open source).
You should also read: What should a developer know before building a public web site?
If your site allows anyone to upload, it is a bad idea to store your uploads in a place that non-logged-in users can get to. This is because your site can then be used by unscrupulous people as a place to store things that you might not want stored, such as malware.
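Both answers above make the same point from different angles: files under public/ are served to anyone who guesses the URL, so uploads that should stay private belong outside the web root and behind an authentication check. The following is an added example, not code from the question or either answer, showing the server-side half of that in plain Ruby: files live in a directory the web server never serves directly, a user-supplied name is reduced to a basename and resolved with realpath so it cannot escape that directory, and only the owning, logged-in user is allowed to read it. The storage root, the owner lookup (a hash standing in for a database query) and the Rails controller sketch in the comments are assumptions for illustration.

```ruby
require "pathname"
require "tmpdir"

# Serve uploads from a private directory instead of public/ (added example).
module PrivateDocuments
  class Forbidden < StandardError; end
  class NotFound < StandardError; end

  # Resolve a user-supplied filename to a real file under root.
  # Only the basename is used, and the resolved path must stay inside root,
  # so "../../etc/passwd" or a symlink pointing outside cannot be served.
  def self.resolve(root, filename)
    root = Pathname.new(root).realpath
    base = File.basename(filename.to_s)
    raise NotFound if base.empty? || base == "." || base == ".."
    path = root.join(base)
    raise NotFound unless path.file?
    real = path.realpath
    raise NotFound unless real.to_s.start_with?(root.to_s + File::SEPARATOR)
    real
  end

  # Authorise: an anonymous request or a non-owner gets Forbidden.
  # owners maps filename => user id (a constructed stand-in for a DB lookup).
  def self.authorize!(current_user_id, filename, owners)
    raise Forbidden if current_user_id.nil?
    raise Forbidden unless owners[File.basename(filename.to_s)] == current_user_id
    true
  end

  # In a Rails controller the two calls would be wired up roughly like this
  # (hypothetical sketch; DOC_ROOT would point outside public/):
  #
  #   def show
  #     PrivateDocuments.authorize!(current_user&.id, params[:id], Document.owner_map)
  #     send_file PrivateDocuments.resolve(DOC_ROOT, params[:id]), disposition: "attachment"
  #   rescue PrivateDocuments::Forbidden then head :forbidden
  #   rescue PrivateDocuments::NotFound  then head :not_found
  #   end

  # Exercise the module against a constructed temporary document store.
  def self.demo
    Dir.mktmpdir("private-docs") do |dir|
      File.write(File.join(dir, "report.pdf"), "%PDF-1.4 constructed sample")
      owners = { "report.pdf" => 42 }
      results = {}
      results[:owner_reads] = authorize!(42, "report.pdf", owners) &&
                              File.read(resolve(dir, "report.pdf"))
      results[:anonymous]  = begin authorize!(nil, "report.pdf", owners); :allowed
                             rescue Forbidden; :forbidden end
      results[:other_user] = begin authorize!(7, "report.pdf", owners); :allowed
                             rescue Forbidden; :forbidden end
      results[:traversal]  = begin resolve(dir, "../../etc/passwd"); :served
                             rescue NotFound; :not_found end
      results
    end
  end
end

PrivateDocuments.demo.each { |k, v| puts "#{k}: #{v.inspect}" } if $PROGRAM_NAME == __FILE__
```

The .htaccess approach from the first answer protects the directory at the web-server layer; this does the same at the application layer, which is what you want when the rule is "only the uploader may download" rather than one shared password. Either way, the key change is that the file is no longer reachable by URL alone.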