Rails 企业应用程序应具备哪些安全措施?
一些安全措施的例子:
管理区域认证和IP限制
没有用户添加 CSS,因为一些旧浏览器可以在 CSS 中运行 JavaScript
数据库中的用户信息是否应该加密?
最佳答案
我建议查看 Rails Security Guide这应该克服您通常会遇到的常见陷阱。另请查看他们在指南中列出的其他资源:
The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:
- The Ruby on Rails security project posts security news regularly: http://www.rorsecurity.info
- Subscribe to the Rails security mailing list
- Keep up to date on the other application layers (they have a weekly newsletter, too)
- A good security blog including the Cross-Site scripting Cheat Sheet
关于ruby-on-rails - 企业 Rails 应用程序的最佳实践安全措施?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7047399/