Forum: Ruby on Rails Parameter validation and other security measures

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Ben Knight (biguniverse) on 2008-12-12 01:45
We have a site that receives about 30000 uniques per month. Lately, we
have been hit with URLs that are hundreds of characters long with all
sorts of junk in the URL/parameters. I suspect this is an attempt at
session hijacking or something similar. At a minimum, it fills up our
log files and generates undesirable email alerts.

I began reading up on Rails security here:
http://guides.rails.info/security.html and also looking into stuff like
http://www.hoptoadapp.com/welcome.

My question here is: what is a good way to validate "params" in rails
apps to handle SQL injections, etc.?

I'm considering writing some common routines to validate the param type,
min/max length, detect SQL keywords, etc. but didn't want to reinvent
the wheel if there is already stuff out there (e.g. plugins).

Thanks in advance.
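As an added example (not code from the original post or from any Rails plugin), here is a plain-Ruby sketch of the approach the post considers: validate each param's type and length against a whitelist schema rather than hunting for SQL keywords. `ParamValidator`, `SEARCH_SCHEMA` and the search action are hypothetical names chosen for the illustration.

```ruby
require 'date'
# Added example (not from the original post or any plugin): a whitelist
# validator for a params hash. Values are typed and length-checked, not
# scanned for SQL keywords; strings that pass must still reach the DB via
# bind parameters (where("name = ?", v) in ActiveRecord), never interpolation.
class ParamValidator
  def initialize(schema)
    @schema = schema # { key => { type:, max:, pattern:, required: } }
  end
  # Returns [clean, errors]; clean holds only schema keys, with coerced values.
  def validate(params)
    clean, errors = {}, []
    @schema.each do |key, rule|
      raw = params[key.to_s] || params[key]
      if raw.nil?
        errors << "#{key} is required" if rule[:required]
        next
      end
      raw = raw.to_s
      if rule[:max] && raw.length > rule[:max]
        errors << "#{key} longer than #{rule[:max]} chars"
      elsif rule[:pattern] && raw !~ rule[:pattern]
        errors << "#{key} has unexpected characters"
      elsif (value = coerce(raw, rule[:type])).nil?
        errors << "#{key} is not a valid #{rule[:type]}"
      else
        clean[key] = value
      end
    end
    [clean, errors]
  end

  private
  # \A and \z anchor the whole value; ^ and $ match per line, so
  # "42\nDROP TABLE" would pass a /^\d+$/ check.
  def coerce(raw, type)
    case type
    when :integer then raw =~ /\A-?\d+\z/ ? raw.to_i : nil
    when :date    then (Date.strptime(raw, '%Y-%m-%d') rescue nil)
    else raw
    end
  end
end

# Constructed schema for a hypothetical search action.
SEARCH_SCHEMA = {
  id:    { type: :integer, required: true },
  q:     { type: :string,  max: 100 },
  since: { type: :date,    pattern: /\A\d{4}-\d{2}-\d{2}\z/ }
}.freeze
```

Unknown keys (the "junk" in the URL) are simply dropped, and an oversized or malformed value produces an error you can log once and answer with a 400 instead of letting it reach a model.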