Does Rails do everything for us?
The latest Rails security fixes were another reminder that we shouldn’t rely on a framework to solve every security problem for us. Every time we use user input directly (as in render params[:id]), let’s take a moment to think about which class it could be: Fixnum, String, Array, Hash, nil, or a blank string. This and other news are in the Rails and web app security reading list.
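
One way to make that class check explicit before a value reaches render, as an added example that is not code from the original post or from Rails. The helper names, the allowlist and the sample values are assumptions, and plain Ruby objects stand in for the values a params lookup can return.

```ruby
# Hypothetical helpers (not a Rails API): decide what kind of value a
# request parameter is before it is used as a template name.
ALLOWED_TEMPLATES = %w[summary details].freeze # assumed template names

# Map a parameter value to the class of input it represents.
def classify_param(value)
  case value
  when nil     then :missing
  when String  then value.strip.empty? ? :blank : :string
  when Integer then :integer  # reported as Fixnum on Ruby before 2.4
  when Array   then :array    # a query such as id[]=a&id[]=b parses to this
  when Hash    then :hash     # a query such as id[key]=value parses to this
  else              :unexpected
  end
end

# Return a template name only for a non-blank String on the allowlist;
# every other class or value yields nil so the caller can respond 404.
def template_for(value, allowed = ALLOWED_TEMPLATES)
  return nil unless classify_param(value) == :string
  allowed.include?(value) ? value : nil
end

# Constructed sample inputs, one per class named in the text above.
SAMPLES = [
  "summary", "", nil, 42, ["summary"], { "key" => "summary" }, "other"
].freeze

# Build one row per sample: the input, its class, and the resolved template.
def report(samples = SAMPLES)
  samples.map { |v| [v.inspect, classify_param(v), template_for(v).inspect] }
end

report.each { |row| puts row.join("\t") } if __FILE__ == $PROGRAM_NAME
```

Only the first sample resolves to a template; the Array and Hash that wrap the same allowed string are rejected because of their class, not their content.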