We have a site that receives about 30000 uniques per month. Lately, we have been hit with URLs that are hundreds of characters long with all sort of junk in the URL/parameters. I suspect this is an attempt at session hijacking or something similar. At a minimum, it fills up our log files and generates undesirable email alerts. I began reading up on Rails security here: http://guides.rails.info/security.html and also looking into stuff like http://www.hoptoadapp.com/welcome. My question here is: what is a good way to validate "params" in rails apps to handle SQL injections, etc.? I'm considering writing some common routines to validate the param type, min/max length, detect SQL keywords, etc. but didn't want to reinvent the wheel if there is already stuff out there (e.g. plugins). Thanks in advance.
on 2008-12-12 01:45