
Rails security on production server

I am putting my first Rails app on the internet. I have read the Rails guide on security and have implemented the points listed in there, but was interested to hear of anything else?

Also, I currently store my uploads in public/documents. Is this OK? I noticed there are no htaccess files protecting the directory.

asked Aug 07 '10 19:08

Alex


2 Answers

Storing your uploads in a predictable location is a bad idea if you want to keep them a secret. If you don't care about people accessing it then it doesn't matter. Using .htaccess to password protect the directory is a good solution.

You should test your application for vulnerabilities using Acunetix ($$) or Wapiti (open source).

You should also read: What should a developer know before building a public web site?

answered Nov 17 '22 09:11

rook


If your site allows anyone to upload, it is a bad idea to store your uploads in a place where non-logged-in users can get to them. This is because then your site can be used by unscrupulous people as a place to store things that you might not want stored, such as malware.

answered Nov 17 '22 08:11

novalis
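Both answers point the same way: keep uploads out of a predictable, publicly served path and release them only to logged-in users. The sketch below is an added example, not code from the question or either answer; it is plain Ruby rather than a Rails controller, and `PrivateUploadStore`, its in-memory index and the sample data are hypothetical.

```ruby
require "fileutils"
require "securerandom"
require "tmpdir"

# Hypothetical helper (not a Rails API): stores uploads outside the web root
# and returns them only to the logged-in user who uploaded them.
class PrivateUploadStore
  class Forbidden < StandardError; end

  def initialize(root)
    FileUtils.mkdir_p(root, mode: 0o700)
    @root = File.realpath(root)
    @index = {} # token => { owner:, filename: }; a database table in a real app
  end

  # Save under a random token so the on-disk name is not guessable and the
  # client-supplied filename never becomes part of a filesystem path.
  def save(owner_id, client_filename, data)
    token = SecureRandom.hex(16)
    File.open(File.join(@root, token), "wb", 0o600) { |f| f.write(data) }
    @index[token] = { owner: owner_id, filename: File.basename(client_filename) }
    token
  end

  # Returns [download_name, bytes]; raises Forbidden for anonymous callers,
  # malformed tokens, unknown tokens and files owned by someone else.
  def fetch(current_user_id, token)
    raise Forbidden, "login required" if current_user_id.nil?
    raise Forbidden, "bad token" unless token.is_a?(String) && token.match?(/\A\h{32}\z/)
    meta = @index[token]
    raise Forbidden, "not found" if meta.nil? || meta[:owner] != current_user_id
    [meta[:filename], File.binread(File.join(@root, token))]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: user 7 uploads a file with a hostile-looking name.
  store = PrivateUploadStore.new(File.join(Dir.mktmpdir, "uploads"))
  token = store.save(7, "../../report.pdf", "constructed bytes")
  name, bytes = store.fetch(7, token)
  puts "user 7 gets #{name} (#{bytes.bytesize} bytes)"
  begin
    store.fetch(nil, token)
  rescue PrivateUploadStore::Forbidden => e
    puts "anonymous request refused: #{e.message}"
  end
end
```

In a Rails app the same check would sit in a controller action behind the login filter, with the bytes returned through `send_file` instead of a direct link into `public/`.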