A very nice list. Readable, explanatory, and <i>full</i> of good suggestions. Almost all focused on session / injection / XSS attacks, but that's probably the biggest threat you've got. I wish I'd seen it sooner; <i>most</i> I've seen before, but the regex one in particular was new to me, and it really only takes <i>one</i>, doesn't it?<p>Anyone know of anything notable they missed? I'd love to know, and it could be useful to get it added to the list too.
The regular expression surprised me. I'm really used to using ^$ in PHP and it works as intended, but apparently in Ruby the correct delimiters are \A\z.
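An added example, not part of the thread above: how a Ruby validation regex behaves with `^`/`$` versus `\A`/`\z`. The URL pattern, the sample inputs and the `line_anchored?` helper are constructed for illustration.

```ruby
# Constructed sample inputs (not from the thread).
SAMPLES = {
  single_line: "https://example.com/page",
  extra_line:  "unchecked first line\nhttps://example.com/page",
  trailing_nl: "https://example.com/page\n"
}.freeze

# In Ruby, ^ and $ match at the start/end of ANY line in the input.
LINE_ANCHORED = %r{^https?://\S+$}
# \A and \z match only at the start/end of the whole string.
# (\Z with a capital Z would still allow one trailing newline.)
STRING_ANCHORED = %r{\Ahttps?://\S+\z}

# True when the pattern accepts the input as "valid".
def accepts?(pattern, input)
  pattern.match?(input)
end

# Hypothetical review helper: flags patterns that start with ^ or end
# with an unescaped $, the two cases that make a validator line-based.
def line_anchored?(pattern)
  src = pattern.source
  src.start_with?("^") || (src.end_with?("$") && !src.end_with?("\\$"))
end

# One result row per sample, so the difference is visible side by side.
def compare(samples)
  samples.map do |name, input|
    [name, accepts?(LINE_ANCHORED, input), accepts?(STRING_ANCHORED, input)]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts format("%-12s %-8s %s", "input", "^...$", "\\A...\\z")
  compare(SAMPLES).each do |name, line, string|
    puts format("%-12s %-8s %s", name, line, string)
  end
  puts "LINE_ANCHORED flagged by helper: #{line_anchored?(LINE_ANCHORED)}"
end
```

Only the single-line input passes the `\A...\z` pattern; the `^...$` pattern accepts all three because one matching line is enough.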