We have a site that receives about 30000 uniques per month. Lately, we
have been hit with URLs that are hundreds of characters long with all
sort of junk in the URL/parameters. I suspect this is an attempt at
session hijacking or something similar. At a minimum, it fills up our
log files and generates undesirable email alerts.
I began reading up on Rails security here:
rails.info and also looking into stuff like
http://www.hoptoadapp.com/welcome.
My question here is: what is a good way to validate “params” in rails
apps to handle SQL injections, etc.?
I’m considering writing some common routines to validate the param type,
min/max length, detect SQL keywords, etc. but didn’t want to reinvent
the wheel if there is already stuff out there (e.g. plugins).
Thanks in advance.