Talk:Grails Secure Code Review Cheat Sheet
presentation on encoding properly for the context).
- There are lots of built-in model validation constraints available to you - use them. And not just "it must not be null" or "it must be less than 20 characters", but real format validation.
- Use useToken on Forms
- Do all the stuff listed in http://grails.org/doc/latest/guide/single.html#security - it *really* is pretty good, including XSRF prevention, although I think the "Guessable IDs" section could use some fleshing out (make a map of the objects the user should be able to access, check against that, or don't send PKs at all - send keys into the map).
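The three points above (real format constraints, useToken/withForm, and an indirect-reference map instead of primary keys) sketched as Grails artifacts. This is an added example, not code from the talk page author or from the Grails project; it assumes a session attribute `accountId` set at login, a `Document` domain class with an `owner` association to `Account`, and a GSP that renders `<g:form action="update" useToken="true">` and links to `/document/show?ref=<key>`.

```groovy
// Domain class: real format validation, not only nullable/size checks.
// blank, size, matches, unique, email and nullable are standard Grails constraints.
class Account {
    String username
    String email
    String phone

    static constraints = {
        username blank: false, size: 3..20, matches: /^[a-z0-9_]+$/, unique: true
        email    blank: false, email: true
        phone    nullable: true, matches: /^\+?[0-9]{7,15}$/
    }
}

// Controller for the form: withForm {} pairs with <g:form useToken="true"> in the GSP.
// A request that carries no token, or replays a used one, lands in invalidToken {}.
class AccountController {

    def edit() { [account: Account.get(session.accountId)] }   // session.accountId: assumed set at login

    def update() {
        withForm {
            def account = Account.get(session.accountId)
            // Bind only the fields the form is allowed to change, then let the
            // constraints above reject a malformed email or phone.
            bindData(account, params, [include: ['email', 'phone']])
            if (!account.save()) {
                render view: 'edit', model: [account: account]
                return
            }
            redirect action: 'edit'
        }.invalidToken {
            flash.message = 'Form was resubmitted or carried no token'
            redirect action: 'edit'
        }
    }
}

// "Guessable IDs": hand the browser a per-session random key instead of the
// primary key, and resolve it only through the map built from what this user
// is allowed to see. A forged or foreign key simply misses the map.
class DocumentController {

    def list() {
        def owner = Account.get(session.accountId)
        def docs = Document.findAllByOwner(owner)        // Document.owner: assumed association
        Map<String, Long> refs = [:]
        docs.each { doc -> refs[UUID.randomUUID().toString()] = doc.id }
        session.docRefs = refs
        // refOf lets the view render ?ref=<key> for each doc without exposing doc.id
        [docs: docs, refOf: refs.collectEntries { key, id -> [(id): key] }]
    }

    def show(String ref) {
        Map<String, Long> refs = session.docRefs ?: [:]
        Long id = refs[ref]
        if (id == null) {           // unknown key: no database lookup at all
            response.sendError(404)
            return
        }
        [doc: Document.get(id)]
    }
}
```

The map is rebuilt on every call to `list()`, so keys are only valid for objects the user was shown in this session; `show()` never touches a primary key that did not come out of that map, which is the "check against the map" step the comment asks for.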