Don't give your app more privilege than it needs to run.
Even if you're running the app as an "unprivileged" user, an attacker could still execute a command like this:
echo "DROP TABLE users" | script/dbconsole Thanks, Nicholas -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To post to this group, send email to rails-oceania@googlegroups.com. To unsubscribe from this group, send email to rails-oceania+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
