
automagic vulnerabilities connected to habtm

From: Shannon -jj B.
Sent on: Tuesday, July 28, 2009 12:09 PM
At the last meeting, I brought up the fact that
accepts_nested_attributes_for can lead to security holes that you
didn't expect if used incorrectly.  I was coding something yesterday,
and I realized that attributes= can lead to vulnerabilities too.  I
realized that almost everyone is vulnerable to this attack.  I brought
this up on the SF Ruby mailing list, which many of you are probably
subscribed to anyway.  There's a good thread going on.  The most
important link is:
http://railspikes...­.

Happy Hacking!
-jj

-- 
In this life we cannot do great things. We can only do small things
with great love. -- Mother Teresa
http://jjinux.blo...­
