Parameter validation and other security measures


#1

We have a site that receives about 30000 uniques per month. Lately, we
have been hit with URLs that are hundreds of characters long with all
sort of junk in the URL/parameters. I suspect this is an attempt at
session hijacking or something similar. At a minimum, it fills up our
log files and generates undesirable email alerts.

I began reading up on Rails security here:
http://guides.rails.info/security.html and also looking into stuff like
http://www.hoptoadapp.com/welcome.

My question here is: what is a good way to validate “params” in rails
apps to handle SQL injections, etc.?

I’m considering writing some common routines to validate the param type,
min/max length, detect SQL keywords, etc. but didn’t want to reinvent
the wheel if there is already stuff out there (e.g. plugins).

Thanks in advance.