I am a fairly novice Rails developer but because most things in Rails are so easy, I'm always afraid I'm adding a new security hole when I write my code. For example, just an hour ago I spotted one in code I wrote a few weeks ago, where in the edit method of UsersController I forgot to check if the user you are editing was equal to the user you are logged in as (i.e. I am a fairly novice Rails developer but becaus