As a developer new to Rails, I'd like to know what checklists seasoned Rails developers might have of things to check before putting a Ruby on Rails web site live. I am thinking that you should probably remove generated views that you aren't using, remove controller actions you don't need, remove default routes and so forth.

I'm thinking there could be a list for performance and another for security?

+3  A: 

Security

  1. Disable Apache script processing for the public directory.
  2. filter_parameter_logging :password in application_controller.rb (and password_confirmation, credit card numbers etc.)
  3. Make sure you require SSL for login, credit card processing

Performance

  1. Cache everything you can, especially the front page

Look at this question: what-should-a-developer-know-before-building-a-public-web-site

nasmorn
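
Added example, not part of the answer above: a plain-Ruby sketch of what parameter filtering (item 2 of the security list) does to a request hash before it is logged, plus an audit that flags log lines where a sensitive key still carries a real value. The key names `card_number` and `cvv` and the sample log lines are constructed assumptions; this is not Rails' own implementation.

```ruby
# Added example. Key names beyond "password" are assumptions for illustration.
SENSITIVE_KEY = /password|card_number|cvv/i
FILTERED = "[FILTERED]"

# Recursively mask any value whose key matches, including nested hashes
# such as {"user" => {"password" => "..."}} and hashes inside arrays.
def filter_params(params)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if key.to_s =~ SENSITIVE_KEY
        FILTERED
      elsif value.is_a?(Hash)
        filter_params(value)
      elsif value.is_a?(Array)
        value.map { |v| v.is_a?(Hash) ? filter_params(v) : v }
      else
        value
      end
  end
end

# Matches "sensitive_key"=>"value" only when the value is not [FILTERED].
LEAK = /"([^"]*(?:password|card_number|cvv)[^"]*)"=>"(?!\[FILTERED\]")[^"]*"/i

# Returns [line_number, key] pairs; the leaked value itself is never echoed.
def leaked_keys(log_text)
  log_text.each_line.with_index(1).flat_map do |line, n|
    line.scan(LEAK).map { |match| [n, match[0]] }
  end
end

# Constructed sample log lines (not taken from a real application).
SAMPLE_LOG = <<~LOG
  Processing SessionsController#create (for 127.0.0.1) [POST]
    Parameters: {"login"=>"bob", "password"=>"hunter2"}
    Parameters: {"user"=>{"password"=>"[FILTERED]", "card_number"=>"[FILTERED]"}}
LOG

if __FILE__ == $0
  p filter_params("user" => { "login" => "bob", "password" => "hunter2" })
  p leaked_keys(SAMPLE_LOG)
end
```

Running the audit over existing production logs before and after enabling the filter shows whether any secrets were already written to disk and need rotating.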
+2  A: 

Make sure you have a cron job backing up your database (and users' uploaded files!).

Replication is not backup. RAID is not backup. Databases can get corrupted. (Including by your own buggy code.) Data can be hacked.

When that happens, you need a backup.

Not just a single copy: keep checkpoints in case your db gets corrupted and you don't notice before the backup runs.

Not just on the same server/drive as the database itself, in case the drive is unrecoverably hosed.

Remember what happened to ma.gnolia.com

Don't let it happen to you.

Jeff Doyle