security episodes

Here I walk you through adding the ability to sort table columns in ascending or descending order by clicking the header.

It is easy to be vulnerable to cross site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping unsafe input.

Security is important! Here I show seven different security flaws which are common to Rails applications ranging from mass assignment to CSRF protection.

This episode shows how to encrypt the variables passed to PayPal and verify the authenticity of the payment notifications (IPN).

Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit.

Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its associations. See how a hacker might use this vulnerability and learn how to stop it in this episode.

One of the most common security problems for dynamic sites is SQL Injection. Thankfully Rails does everything it can in solving this issue, but you still need to be aware of it.

In this second part of the series on administration, you will learn how to lock down the site to keep the public from accessing the administration features.

Are you accepting sensitive user data? Passwords, credit card numbers, etc. By default, Rails stores all submitted parameters in plain text in the logs. This episode will show you how to filter this sensitive input so it doesn't show up in the log file.