Everyday Rails

Articles tagged security

Automatic code review with Pronto and GitHub Actions

Nobody likes to be the one to pick through your pull request for style guide and security violations. Here's how to ask robots to do the work for you, automatically! (May 29, 2021)

A general guide to upgrading Ruby in your Rails applications

It's the middle of December, which means a new version of Ruby will be released in just a few days. Even if you don't plan on upgrading your Rails applications to the latest version on day one, it's never a bad time to begin planning your next upgrade. (December 18, 2017)

Code reviewing as a mindset

Code reviews are more than proper indentation and method length. They're about understanding your software, and developing a better team of developers. Here's my approach to the code review practice. (January 16, 2017)

Going HTTPS-only in Rails with Let's Encrypt

Serving your Rails application over HTTP? Starting this month, your users may start receiving security warnings when visiting your site. Protect their safety and privacy quickly and easily with Let's Encrypt. (January 09, 2017)

Rails security essentials

Rails provides excellent support for software security, but you need to know how and when to apply those supports for them to work. Here's an overview of tools you can use to keep your applications safe. (December 12, 2016)

Clearance: The other Rails authentication gem

Looking for a well-balanced authentication solution? Check out Clearance as an alternative to Devise and has_secure_password. (January 23, 2016)

Authorization advice for Rails 3 and beyond

Here's the general process I follow whenever adding authorization—the logic that says what a user's allowed to do—to my Rails applications. (October 06, 2011)

Rails authentication today: Options for 3.0 and 3.1

There's no shortage of approaches to adding password-based security to your Rails applications. Here's a look at the current lineup. (September 21, 2011)

Obfuscated URLs with the FriendlyId gem

SEO-friendly URLs are great, but what if you want to obfuscate things a bit? Here's a proof of concept of one way to get the job done with the FriendlyId gem. (March 11, 2011)

Ruby on Rails news and tips, and other ideas and surprises from Aaron at Everyday Rails. Delivered to your inbox on no particular set schedule.