Ruby on Rails

Rails Security

CSRF protection, SQL injection, XSS, mass assignment, secrets management, HTTPS

22 interview questions
Senior
1

What mechanism does Rails use by default to protect against CSRF attacks?

Answer

Rails generates a unique CSRF token per session and automatically includes it in forms as a hidden field. The token is verified server-side for every non-GET request. The form_with helper inserts the token automatically, and protect_from_forgery is enabled by default in ApplicationController.

2

How do you disable CSRF protection for a specific action in an API controller?

Answer

skip_before_action :verify_authenticity_token disables CSRF verification for the specified actions. This is common in APIs that use token-based authentication (JWT, API key) rather than sessions. Limit the exception to the actions that strictly need it by passing the only: option.

3

What vulnerability is exploited in this code: User.where("name = '#{params[:name]}'")?

Answer

Interpolating params directly into a SQL string allows SQL injection. An attacker can send name="'; DROP TABLE users; --" to execute arbitrary SQL. Use ActiveRecord placeholders instead: User.where(name: params[:name]) or User.where("name = ?", params[:name]).

4

Which ActiveRecord method automatically protects against SQL injection?

5

How does Rails automatically protect against XSS attacks in ERB views?
