Prevent spamming links through forms on Rails

The Rails application allows users who are not logged in to register users who create a message object, save it in our database and then send the contents of the registered user. In our middleware, we began to receive a lot of spam from bots that crawl our site. We are worried about two things:

  • Discomfort for our users
  • SQL injection or any other security vulnerabilities that we haven't thought about that can occur in this context.

What are some good ways to deal with this problem? I understand that we could implement a CAPTCHA system, but this is not ideal from the point of view of users. We could also block IP addresses in places like China (or wherever they happen), but we can also serve users in China.

In addition, I believe that Rails has built-in functions to sanitize query strings and prevent SQL injection, but are they turned on by default? Are there other things that we need to worry about preventing Rails from being processed by default in this case?

Any suggestions?

+3
2 answers

, honeypot . , , , ( ), -, , . , .

Rails SQL-, Rails- . .

+6

"honeypot-captcha" gem - honeypot captchas . .

+2
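The honeypot approach named in the answers, as an added example that is not code from the original page or from the "honeypot-captcha" gem: a Rack-style filter in plain Ruby that drops form posts in which a field hidden from human visitors has been filled in. The field name `website_url`, the class name and the sample requests are assumptions made for this example; the form itself would need a matching text input hidden with CSS.

```ruby
require "uri"
require "stringio"

# Rack-style middleware written in plain Ruby (no gems needed to run it).
# Humans never see the trap field, so any non-blank value marks a bot.
class HoneypotFilter
  TRAP_FIELD = "website_url" # hypothetical field name chosen for this example

  def initialize(app, trap_field: TRAP_FIELD)
    @app = app
    @trap_field = trap_field
  end

  def call(env)
    if env["REQUEST_METHOD"] == "POST" && form_encoded?(env)
      body = env["rack.input"].read
      env["rack.input"].rewind # let the downstream app read the body again
      return reject if trap_filled?(body)
    end
    @app.call(env)
  end

  private

  def form_encoded?(env)
    env["CONTENT_TYPE"].to_s.start_with?("application/x-www-form-urlencoded")
  end

  # True when the trap field arrives with a non-blank value. Matches both
  # "website_url" and nested names such as "message[website_url]".
  def trap_filled?(body)
    URI.decode_www_form(body).any? do |key, value|
      (key == @trap_field || key.end_with?("[#{@trap_field}]")) && !value.strip.empty?
    end
  rescue ArgumentError
    true # body could not be decoded: drop it rather than pass it on
  end

  # Reply 200 with an empty body so the sender gets no hint it was filtered.
  def reject
    [200, { "content-type" => "text/plain" }, [""]]
  end
end

# Builds a constructed sample POST environment for trying the filter offline.
def sample_env(body)
  { "REQUEST_METHOD" => "POST", "rack.input" => StringIO.new(body),
    "CONTENT_TYPE" => "application/x-www-form-urlencoded" }
end
```

The filter only reduces automated submissions; stored message content still has to go through parameterized queries and output escaping like any other user input.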

Source: https://habr.com/ru/post/1796201/