Ruby on Rails

Rails Security

CSRF protection, SQL injection, XSS, mass assignment, secrets management, HTTPS

22 interview questions · Senior
1

What mechanism does Rails use by default to protect against CSRF attacks?

Answer

Rails generates a unique CSRF token per session and automatically includes it in forms as a hidden field. The token is verified server-side for every non-GET request. The form_with helper inserts this token automatically, and protect_from_forgery is enabled by default in ApplicationController.

2

How do you disable CSRF protection for a specific action in an API controller?

Answer

Calling skip_before_action :verify_authenticity_token disables CSRF verification for specific actions. This is common for APIs that use token-based authentication (JWT, API key) rather than session cookies. It is recommended to limit this exception to the strictly necessary actions using the only: option.

3

What vulnerability is exploited in this code: User.where("name = '#{params[:name]}'")?

Answer

Interpolating params directly into a SQL string allows SQL injection. An attacker can send name="'; DROP TABLE users; --" to execute arbitrary SQL. Use ActiveRecord placeholders instead: User.where(name: params[:name]) or User.where("name = ?", params[:name]).

4

Which ActiveRecord method automatically protects against SQL injection?

5

How does Rails automatically protect against XSS attacks in ERB views?

+19 more interview questions
