I was wondering, as ruby (with rails) does every database update and create (using scaffold) in the back (correct me if im wrong).
But how is f.e. SQL Injection handled, and other type of attacks?
(sorry for my bad english)
Firstly, your question is quite specific to Rails, I feel, rather than Ruby. There are many different database abstraction libraries for Ruby that have different ways (or even no ways!) of managing SQL attacks, but Rails uses ActiveRecord and the link presented above gives good information on that. Rest assured, though, with the latest version of Rails and using ActiveRecord properly (rather than manually building SQL) you're not particularly susceptible to SQL injection attacks.
Author of Beginning Ruby (Apress): http://bit.ly/t31ag Editor of Ruby Inside and RubyFlow