Ruby on Rails: How do I protect my app from packet sniffers modifying packets?

I think I can intercept any packet from my app and change the url, and the params such that the users' account would de delete / other stuff could be deleted.

How do I protect against this? since the auth_token, and cookie are passed i开发者_C百科n every packet?

The standard protection agains packet sniffing is to secure your connections with HTTPS.

Here is some info:

http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/

Here's a ton of resources on protecting your app: http://guides.rubyonrails.org/security.html

I don't think it's really about securing rails if you are concerned about packet sniffing. You need to use SSL to encrypt the communication between client and your web server.