diff --git a/rails/README.md b/rails/README.md index 49de6413..a0f6b06f 100644 --- a/rails/README.md +++ b/rails/README.md @@ -81,6 +81,12 @@ Guidance on ActiveRecord, ActiveModel, and other model objects. - Use `db/seeds.rb` for data that is required in all environments. - Use `dev:prime` rake task for development environment seed data. +## Security + +- Set [config.sandbox_by_default][sandbox] to `true` in production-like environments to avoid accidental writing to the production database. + +[sandbox]: https://guides.rubyonrails.org/configuring.html#config-sandbox-by-default + ## Migrations [Sample](migration.rb)
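Review bot: The new bullet under `## Security` reads as a general guard against production writes, but `config.sandbox_by_default` only changes how `rails console` starts (in sandbox mode, with changes rolled back on exit). It does not affect writes made by the application itself, rake tasks or `rails runner`. Suggest wording the bullet along the lines of "Set `config.sandbox_by_default` to `true` in production-like environments so that `rails console` starts in sandbox mode", and mentioning that `--no-sandbox` has to be passed when a console write is intended. "Production-like environments" would also be clearer if the bullet named which environments are meant.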