Since its conception at the end of 2005, Rails has evolved, supported by a growing number of developers, into a solid, scalable, well-documented Web programming framework that is ready for the business environment and has shown security awareness since its origins.
Currently, although the latest available version of Rails is 2.3.5, the jump to the new generation (version 3) after the merger with Merb -- another Web development framework for Ruby -- seems imminent, and given the project's degree of progress, it is expected to occur during this year, 2010.
From the point of view of security, the new generation of Rails offers interesting possibilities, such as the use of custom middleware built on Rack (http://guides.rails.info/rails_on_rack.html), in addition to officially incorporating solutions that in previous versions of Rails were implemented as plugins.
Whether we are developing with Rails in the 2.3.x branch or have in mind a migration to version 3 of Rails or the development of a new business application based on it, there are a number of considerations that we must take into account if we want to implement an adequate level of security in our Web application.
First, we will see some of the typical mistakes made during development that affect, to a greater or lesser extent, the security of our application. Needless to say, the examples used are greatly simplified to make them easier to understand.
The second part of this document provides recommendations and considerations to be taken into account during development. It also discusses some solutions, available as plugins, that help improve the security of applications developed with Rails.

