Andreas Schwarz has long been one of the most vocal advocates for making sure Rails can keep the data of its applications secret and safe. So what could be more natural than for him to share his knowledge in a new Rails manual entitled Securing your Rails.
So far it includes three chapters, on SQL Injection, Cross Site Scripting, and Creating records directly from form parameters.
It’s still a work in progress, but already packed with useful information.