Section 11.0. Introduction


Security is important to some degree in most software, but is especially important in web applications because of the public nature of the Internet. In many cases, some part of your application is accessible to any person or script that may be trying to attack it. The motivation for the attack is usually impersonal; many scripts automatically hunt the Web for known vulnerabilities. In some cases, your application may contain information that is worth trying to steal, such as credit card numbers or other personal information about your application's users.

The best approach is to treat all your applications with care when it comes to securing them from attackers. That way, the skills and best practices you use will become good habits that you can apply to all your projects.

The two big security categories for web applications are SQL injection and cross-site scripting (XSS). Other attacks could come from your server becoming compromised by some other type of network attack or by a compromised user account.

Keep this basic rule in mind: filter input, escape output.
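The rule applied to a comment form, as an added example in plain Ruby that is not code from the book: structured fields are filtered against an allowlist, and the free-text body, which no filter can make safe, is escaped where it is written into HTML. The field names, limits and the helpers `filter_comment_params` and `render_comment` are assumptions made for illustration, and the sample requests are constructed.

```ruby
require "erb"

# Hypothetical rules for a comment form (assumed for this example).
# \A and \z anchor the whole string; ^ and $ only anchor a line in Ruby,
# so "alice\n<script>" would pass a ^...$ check.
USERNAME_RE = /\A[a-zA-Z0-9_]{3,20}\z/
POST_ID_RE  = /\A[1-9][0-9]{0,8}\z/
MAX_COMMENT = 500

# Filter input: accept only values in the expected shape and reject the
# rest instead of trying to repair them. Returns [clean_hash, errors].
def filter_comment_params(params)
  username = params["username"].to_s
  post_id  = params["post_id"].to_s
  body     = params["body"].to_s

  errors = []
  errors << "username" unless username.match?(USERNAME_RE)
  errors << "post_id"  unless post_id.match?(POST_ID_RE)
  errors << "body"     if body.strip.empty? || body.length > MAX_COMMENT
  return [nil, errors] unless errors.empty?

  [{ username: username, post_id: post_id.to_i, body: body }, []]
end

# Escape output: every value is escaped at the point of use, including
# the username that already passed the filter.
def render_comment(comment)
  name = ERB::Util.html_escape(comment[:username])
  body = ERB::Util.html_escape(comment[:body])
  %(<div class="comment" data-post="#{comment[:post_id]}"><b>#{name}</b>: #{body}</div>)
end

# Constructed sample requests.
SAMPLE_OK  = { "username" => "alice_1", "post_id" => "42",
               "body" => "<script>alert(1)</script> & more" }
SAMPLE_BAD = { "username" => "alice\n<script>", "post_id" => "1 OR 1=1",
               "body" => "hi" }

if __FILE__ == $0
  [SAMPLE_OK, SAMPLE_BAD].each do |req|
    comment, errors = filter_comment_params(req)
    puts(comment ? render_comment(comment) : "rejected: #{errors.join(', ')}")
  end
end
```

The accepted request still carries markup in its body; it is the escaping step, not the filter, that keeps it from being interpreted by the browser.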




Rails Cookbook (Cookbooks (OReilly))
ISBN: 0596527314
Year: 2007
Pages: 250
Authors: Rob Orsini
