top five security tips

I've recently deployed my first app and although I don't think I've done
too much wrong I'm acutely aware of the importance of security. I'm sure
people here are also.

I'd be interested in learning more and as such I thought I'd start a
thread on the top five security mistakes (or gotchas I suppose) made by
people, or just any pointers for things to watch out for. Either
application based stuff or server configuration tips. I appreciate there
are a heck of a lot more than five things, but hey, gotta start
somewhere.

In my specific case, my app uses the original acts_as_authenticated
plugin as well as the file_column plugin (allows people to upload
images). I'm hosted on joyent shared hosting (aka textdrive).

Top 5 security mistakes when deploying a new app.

1) errr, apply special permissions to databases.yml
2) ...
3) ...
4) ...
5) ...

Appreciate any tips.

any pointers ?

any pointers ?

Well you've cast quite a wide net, and it's always hard to know at
what level your pitching. So I can say 'use h and sanitize where
appropriate', but I might be stating the bleeding obvious.

http://www.quarkruby.com/2007/9/20/ruby-on-rails-security-guide has
lots of good stuff (but it's not quite up to date, eg it warns against
using sanitize, recommending white_list instead but in rails 2.0
sanitize is white_list)

Fred