More Rails 4.0 upgrade changes

1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb

app/controllers/application_controller.rb

@@ -3,7 +3,9 @@ class ApplicationController < ActionController::Base
   helper_method :current_user, :is_admin?, :sanitize_font
 
   # Our security guy keep talking about sea-surfing, cool story bro.
-  # protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  #protect_from_forgery with: :exception
 
   private
 

app/controllers/users_controller.rb

@@ -31,7 +31,8 @@ class UsersController < ApplicationController
     # Still an Insecure DoR vulnerability
     #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
 
-    user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+    #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+    user = User.where("user_id == '#{params[:user][:user_id]}'").first
     if user
       user.skip_user_id_assign = true
       user.skip_hash_password = true