I'm getting started on building a REST API for a project I'm working on, and it led me to do a little research as to the best way to build an API using RoR. I find out pre
How do I secure my app to prevent unauthorized changes?
attr_accessible and attr_protected are both useful for controlling the ability to perform mass-assignments on an ActiveRecord model. You definitely want to use attr_protected to prevent form injection attacks; see "Use attr_protected or we will hack you".
Also, in order to prevent anyone from being able to access the controllers in your Rails app, you're almost certainly going to need some kind of user authentication system, and to put a before_filter in your controllers to ensure that you have an authorized user making the request before you allow the requested controller action to execute.
See the Ruby on Rails Security Guide (part of the Rails Documentation Project) for tons more helpful info.
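The two defences in the answer above, as an added example that is not part of the original answer and is not ActiveRecord or ActionController code: a small Ruby-only model of what attr_accessible / attr_protected do to a form-injected `admin` field, and of how a before_filter stops an unauthenticated request before the action runs, so both can be executed without a Rails install. The model and controller class names, the attacker's form payload and the session hash are constructed for illustration. One caveat for anyone reading this today: attr_accessible / attr_protected were the Rails 2 and 3 mechanism; Rails 4 moved this filtering into the controller as strong parameters (`params.require(:user).permit(:name, :email)`), and the whitelist-over-blacklist lesson below applies there unchanged.

```ruby
# Added example, not the original answer's code and not Rails itself: a toy
# re-implementation of attr_accessible / attr_protected semantics and of a
# before_filter chain. All class names and sample data are assumptions.

# --- mass-assignment filtering, as attr_accessible / attr_protected do it ---
module MassAssignment
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Whitelist: only these attributes may be set by mass assignment.
    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end

    # Blacklist: these attributes may never be set by mass assignment.
    def attr_protected(*names)
      @protected = names.map(&:to_s)
    end

    def accessible_attributes; @accessible; end
    def protected_attributes;  @protected || []; end
  end

  attr_reader :attributes

  # Mirrors ActiveRecord's rule: a declared whitelist wins; with no whitelist,
  # everything not explicitly protected goes through.
  def initialize(params = {})
    @attributes = {}
    params.each do |key, value|
      key = key.to_s
      allowed = if self.class.accessible_attributes
                  self.class.accessible_attributes.include?(key)
                else
                  !self.class.protected_attributes.include?(key)
                end
      @attributes[key] = value if allowed # rejected keys are simply dropped
    end
  end

  def admin?
    @attributes["admin"] == "1"
  end
end

class UnprotectedUser            # no macros: every posted field is assignable
  include MassAssignment
end

class ProtectedUser              # blacklist style
  include MassAssignment
  attr_protected :admin
end

class AccessibleUser             # whitelist style, the safer default
  include MassAssignment
  attr_accessible :name, :email
end

# Constructed signup form where the attacker added a hidden `admin` field;
# Rails would hand this in as params[:user].
ATTACKER_PARAMS = { "name" => "mallory", "email" => "m@example.com", "admin" => "1" }

def signup_grants_admin?(model_class, params = ATTACKER_PARAMS)
  model_class.new(params).admin?
end

# --- a before_filter gating a controller action -----------------------------
class ApplicationController
  def self.before_filter(name)
    (@filters ||= []) << name
  end

  def self.filters
    inherited = superclass.respond_to?(:filters) ? superclass.filters : []
    inherited + (@filters || [])
  end

  def initialize(session)
    @session = session
    @response = nil
  end

  # Filters run first; one that writes a response halts the chain, which is
  # how a Rails before_filter keeps an unauthenticated request out of the action.
  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return @response if @response
    end
    send(action)
  end

  private

  def require_login
    @response = [401, "log in first"] unless @session[:user_id]
  end
end

class PostsController < ApplicationController
  before_filter :require_login

  def destroy
    [200, "post deleted by user #{@session[:user_id]}"]
  end
end

def delete_post(session)
  PostsController.new(session).process(:destroy)
end
```

Run `signup_grants_admin?(UnprotectedUser)` to see the injected flag land, then the same call against ProtectedUser and AccessibleUser to see it dropped; `delete_post({})` returns the 401 from the filter while `delete_post({ user_id: 7 })` reaches the action. Prefer the attr_accessible form: a blacklist has to be updated every time a sensitive column is added, a whitelist fails closed.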