from Hacker News

Prevent information leaking in Rails

by gregmolnar on 10/28/15, 8:59 PM with 5 comments

  • by colinyoung on 10/28/15, 10:50 PM

    This is hardly a flaw in Rails - if the user's login session isn't ended before handing physical access to another person, that's not really the software's problem.

  • by swalberg on 10/28/15, 11:52 PM

    Hm, I thought it was going to be talking about leaking information from your app, not browser cache.

    Putting the database row ID in URLs, which is the Rails default, basically lets a competitor plot your growth with a simple script.
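
An added example, not part of the thread: plain Ruby showing what sequential row IDs in URLs disclose and how a random public token in `to_param` avoids it. `Account`, `AccountStore`, `public_id` and `signups_per_day` are hypothetical names, and the in-memory store is a constructed stand-in for an ActiveRecord model.

```ruby
require "securerandom"
require "date"

# Constructed stand-in for a model row. `id` plays the auto-increment primary
# key; `public_id` is a random token that carries no ordering or count.
Account = Struct.new(:id, :public_id, :created_on) do
  # Rails URL helpers call to_param; the framework default is id.to_s.
  # Overriding it keeps the sequential key out of every generated URL.
  def to_param
    public_id
  end
end

class AccountStore
  def initialize
    @rows = []
    @by_public_id = {}
  end

  def create(created_on)
    # 16 random bytes = 128 bits, encoded as 22 URL-safe characters.
    row = Account.new(@rows.size + 1, SecureRandom.urlsafe_base64(16), created_on)
    @rows << row
    @by_public_id[row.public_id] = row
    row
  end

  # Lookups accept only the public token, so guessing "1", "2", ... finds nothing.
  def find_by_public_id(token)
    @by_public_id[token]
  end
end

# What two sequential ids observed on known dates disclose: the record growth
# rate. Use it to judge the exposure of an existing /accounts/:id route.
def signups_per_day(id_a, date_a, id_b, date_b)
  (id_b - id_a).to_f / (date_b - date_a).to_i
end

if __FILE__ == $PROGRAM_NAME
  store = AccountStore.new
  first = store.create(Date.new(2015, 10, 1))
  puts "URL segment with the override: #{first.to_param} (row id #{first.id} stays internal)"
  rate = signups_per_day(1000, Date.new(2015, 10, 1), 1300, Date.new(2015, 10, 31))
  puts "Leak from ids 1000 and 1300 seen 30 days apart: #{rate} signups/day"
end
```
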