Github compromised, or not?!

Posted Mar 5, 2012 21:10 UTC (Mon) by rfunk (subscriber, #4054)
In reply to: Github compromised, or not?! by fogzot
Parent article: Github compromised

Yes.

The discussion in the Rails bug report is probably the best place to get the technical history of this: https://github.com/rails/rails/issues/5228

And the likely plan for fixing Rails:
http://news.ycombinator.com/item?id=3664334 (philosophical/roadmap)
https://gist.github.com/1974187 (technical)



Github compromised, or not?!

Posted Mar 5, 2012 21:32 UTC (Mon) by robinst (subscriber, #61173)

By the way, the default for new applications is already fixed:

https://github.com/rails/rails/commit/641a4f62405cc276542...

And existing applications can enable the configuration option and fix their models to get the secure-by-default behavior.
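
What a whitelist-by-default setting plus per-model fixes change, as an added example that is not part of the comment above and is not Rails code: a plain-Ruby sketch imitating whitelist-style protection such as Rails' `attr_accessible`. `SketchModel`, `whitelist_by_default`, `accessible`, the two account classes and the sample parameters are all hypothetical and constructed for illustration.

```ruby
# Plain-Ruby sketch of mass assignment; runs without Rails. All names are
# hypothetical and only imitate the behaviour under discussion.
class SketchModel
  class << self
    # Assumption: stands in for an application-wide "whitelist by default" option.
    attr_accessor :whitelist_by_default

    # Declare which attributes request parameters may set on this model.
    def accessible(*names)
      @accessible = names.map(&:to_s)
    end

    # nil means "no declaration was made for this model".
    def accessible_names
      @accessible
    end
  end
  self.whitelist_by_default = false

  attr_reader :attributes

  def initialize(attributes = {})
    @attributes = attributes.dup
  end

  # Bulk-assign from a parameter hash; returns the keys that were refused.
  def assign(params)
    allowed = self.class.accessible_names
    # Secure default: an undeclared model accepts nothing in bulk.
    allowed = [] if allowed.nil? && SketchModel.whitelist_by_default
    refused = []
    params.each do |key, value|
      if allowed.nil? || allowed.include?(key.to_s)
        @attributes[key.to_s] = value
      else
        refused << key.to_s
      end
    end
    refused
  end
end

class LegacyAccount < SketchModel; end   # no declaration at all

class FixedAccount < SketchModel         # model "fixed" with a whitelist
  accessible :name, :email
end

# Constructed request parameters: one field the form offers, one it never did.
PARAMS = { "name" => "New Name", "admin" => true }.freeze
```

With the default off, `LegacyAccount` accepts every key in `PARAMS`; switching the default on makes the same undeclared model refuse everything until it declares its own list, which is why existing models have to be fixed after enabling it.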

Github compromised, or not?!

Posted Mar 7, 2012 11:32 UTC (Wed) by job (guest, #670)

How could this not have been obvious from the start? The more I read about this mass assignment thing the more I am saddened by web developers. Did they learn nothing from PHP?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds