An interesting read about race conditions on the interweb.
An example of automatic security gone too far, in my opinion. Allow all parameters in production that were ever used in development?
Typosquatting gems: Don't install coffe-script, urllib2, req7est. This guy uploaded 200+ packages with names similar to popular gems to illustrate the "typosquatting" problem.
Don't message secret URLs on Facebook, e.g. Google Docs links, because links shared via Facebook Messenger reveal the URL in a publicly accessible API.
Like this kind of article?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.