I’ve recently deployed my first app and although I don’t think I’ve done
too much wrong I’m acutely aware of the importance of security. I’m sure
people here are also.
I’d be interested in learning more and as such I thought I’d start a
thread on the top five security mistakes (or gotchas I suppose) made by
people, or just any pointers for things to watch out for. Either
application based stuff or server configuration tips. I appreciate there
are a heck of a lot more than five things, but hey, gotta start
somewhere.
In my specific case, my app uses the original acts_as_authenticated
plugin as well as the file_column plugin (allows people to upload
images). I’m hosted on joyent shared hosting (aka textdrive).
Top 5 security mistakes when deploying a new app.
- errr, apply special permissions to database.yml
- …
- …
- …
- …
Appreciate any tips.
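The one item already on the list, locking down config/database.yml, is worth showing as a repeatable check rather than a one-off chmod. The script below is an added example and is not code from this thread, from Rails, or from the acts_as_authenticated or file_column plugins. It assumes the app lives in a directory with a config/ subdirectory, that the app process runs as the file's owner (so mode 600 is enough), and that other shell users on the same host are the threat; the file names it scans are an assumption, and the demo builds a throwaway config tree with a constructed password rather than touching a real deployment.

```shell
#!/bin/sh
# Added example (not from the original post): audit and tighten the permissions
# on a Rails app's database.yml so other users on a shared host cannot read the
# database password. Paths and the list of secret files are assumptions.
set -u

# True (exit 0) when any group or other permission bit is set on the file.
# Uses POSIX find(1) symbolic -perm tests, so it behaves the same on GNU,
# BSD and Solaris-style hosts; -prune stops find from descending anywhere.
exposed_to_others() {
    [ -n "$(find "$1" -prune \( -perm -g+r -o -perm -g+w -o -perm -g+x \
                                -o -perm -o+r -o -perm -o+w -o -perm -o+x \) \
                                -print 2>/dev/null)" ]
}

# Print, one per line, the secret files under a config directory that other
# users could read or modify. Prints nothing when everything is locked down.
# The file patterns are an assumption about what a typical app keeps there.
find_exposed_secrets() {
    dir=$1
    for f in "$dir"/database.yml "$dir"/*.key "$dir"/*.pem; do
        [ -f "$f" ] || continue
        if exposed_to_others "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Strip group/other bits from every exposed file and report each change.
lock_down_secrets() {
    find_exposed_secrets "$1" | while IFS= read -r f; do
        chmod 600 "$f"
        printf 'fixed %s\n' "$f"
    done
}

# Demo on a constructed app tree: a database.yml created with the usual
# umask 022 default (mode 644), audited, fixed, audited again.
# Prints "<exposed before> <exposed after>", i.e. "1 0".
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/config"
    printf 'production:\n  adapter: mysql\n  password: s3cret\n' \
        > "$tmp/config/database.yml"      # constructed sample, not a real secret
    chmod 644 "$tmp/config/database.yml"
    before=$(find_exposed_secrets "$tmp/config" | wc -l | tr -d ' ')
    lock_down_secrets "$tmp/config" >/dev/null
    after=$(find_exposed_secrets "$tmp/config" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$before $after"
}
```

Run it after every deploy (for example as a Capistrano after-task or a cron job), because a fresh checkout or a `cp` from a 644 template silently puts the file back to world-readable. Setting `umask 077` in the deploy user's shell profile before checking out the app avoids the window between the copy and the chmod.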