Parameter validation and other security measures

We have a site that receives about 30000 uniques per month. Lately, we
have been hit with URLs that are hundreds of characters long with all
sorts of junk in the URL/parameters. I suspect this is an attempt at
session hijacking or something similar. At a minimum, it fills up our
log files and generates undesirable email alerts.

I began reading up on Rails security here:
http://guides.rails.info/security.html and also looking into stuff like
http://www.hoptoadapp.com/welcome.

My question here is: what is a good way to validate “params” in rails
apps to handle SQL injections, etc.?

I’m considering writing some common routines to validate the param type,
min/max length, detect SQL keywords, etc. but didn’t want to reinvent
the wheel if there is already stuff out there (e.g. plugins).

Thanks in advance.
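As an added example (not part of the original post, and not a Rails plugin), here is a schema-driven allowlist validator for request parameters written in plain Ruby so it runs without Rails. It covers the checks the post mentions (type, min/max length or range, an allowlist of known keys) and rejects oversized query strings up front so junk requests are dropped before they reach the application or the logs. The names `PARAM_SCHEMA`, `validate_params` and `params_from_query_string` are this example's own; in a Rails app the same rules would sit in front of strong parameters (`params.require(...).permit(...)`).

```ruby
require "uri"

# Added example, not code from the original post. Each rule names the
# expected type plus an optional range, length limit, format or enum.
# Keys not listed here are rejected outright (allowlist, not blocklist).
PARAM_SCHEMA = {
  "id"   => { type: :integer, min: 1, max: 2_147_483_647 },
  "q"    => { type: :string,  max_length: 100, format: /\A[\w\s\-'.]*\z/ },
  "page" => { type: :integer, min: 1, max: 10_000 },
  "sort" => { type: :enum,    values: %w[name created_at price] },
}.freeze

# Hard cap on the raw query string; hundreds-of-characters junk URLs
# fail here before any per-parameter work is done.
MAX_QUERY_STRING_LENGTH = 512

# Returns [clean_params, errors]. Unknown keys are reported and dropped;
# every failed rule is reported with the key and the reason.
def validate_params(raw)
  clean  = {}
  errors = []
  raw.each_key { |k| errors << "#{k}: unexpected parameter" unless PARAM_SCHEMA.key?(k) }

  PARAM_SCHEMA.each do |key, rule|
    next unless raw.key?(key)
    value = raw[key].to_s

    case rule[:type]
    when :integer
      # Bounded digit count stops absurdly long numerals before Integer().
      unless value.match?(/\A-?\d{1,10}\z/)
        errors << "#{key}: not an integer"
        next
      end
      n = Integer(value, 10)
      if (rule[:min] && n < rule[:min]) || (rule[:max] && n > rule[:max])
        errors << "#{key}: out of range"
        next
      end
      clean[key] = n
    when :string
      if rule[:max_length] && value.length > rule[:max_length]
        errors << "#{key}: too long (#{value.length} > #{rule[:max_length]})"
        next
      end
      unless rule[:format].nil? || value.match?(rule[:format])
        errors << "#{key}: contains disallowed characters"
        next
      end
      clean[key] = value
    when :enum
      unless rule[:values].include?(value)
        errors << "#{key}: not one of #{rule[:values].join(', ')}"
        next
      end
      clean[key] = value
    end
  end

  [clean, errors]
end

# Parses a query string into a Hash of single values (last value wins)
# and runs it through validate_params. Invalid percent-encoding is
# treated as a validation failure rather than an exception.
def params_from_query_string(qs)
  if qs.length > MAX_QUERY_STRING_LENGTH
    return [{}, ["query string too long (#{qs.length} > #{MAX_QUERY_STRING_LENGTH})"]]
  end
  raw = {}
  qs.split("&").each do |pair|
    k, v = pair.split("=", 2)
    next if k.nil? || k.empty?
    begin
      raw[URI.decode_www_form_component(k)] = URI.decode_www_form_component(v.to_s)
    rescue ArgumentError
      return [{}, ["#{k}: malformed percent-encoding"]]
    end
  end
  validate_params(raw)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one legitimate request, one junk request.
  p params_from_query_string("id=42&q=red+shoes&page=2&sort=price")
  p params_from_query_string("id=1'+OR+1=1--&page=0&foo=bar&sort=DROP")
end
```

Two design points worth noting. First, the validator is an allowlist: it describes what a valid value looks like and rejects everything else, rather than searching for SQL keywords, which is both easy to bypass and prone to blocking legitimate input such as a search for "select". Second, input validation is a hygiene and noise-reduction layer, not the SQL injection defence itself; that defence is the parameterized query, which in ActiveRecord means `where("name = ?", name)` or hash conditions rather than string interpolation, exactly as the Rails security guide linked in the post recommends.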
