Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin.
Create dynamic roles that can be assigned to users. Based on the assigned role, the user will be able to perform or view various parts of the application.
In this interview, Frank Rietta, a security expert in web applications, talks about various recommendations for securing a Ruby on Rails application. Many areas are explored from code, staff, servers and infrastructure.