Chapter 18. Securing, Managing, and Deploying Your Rails Projects
When most people think about building a web application, they think about the design, programming, debugging, testing, and all the work that has to happen before an application goes live. Writing the code—while, of course, critical—isn’t the only major technology puzzle that has to get solved before an application runs. Bringing that application to the public (or even to an intranet) requires a few more critical steps that are as much about system administration as about code. The Rails framework approach is quite different from the usual CGI or PHP approach, so there are a fair number of Rails-specific issues you need to address.
First, you need to be prepared to battle the hostile nature of the Web. Every publicly exposed application will be tested and tried by a variety of visitors that you may not want or like, and even private applications sometimes face challenges from users. Using Rails isn’t particularly dangerous, and a lot of key techniques for protecting your applications from harm have already been covered. Nonetheless, it’s worth reviewing some Rails features that can be especially helpful.
Securing Your Application
It’s best to consider your application’s security before deploying it rather than after. It’s much easier to test for security leaks in the relative privacy of development mode, when only the schedule is a likely obstacle, than in a publicly available installation with real users who will ...