GitHub incident spawns Rails security debate
Posted Mar 26, 2012 20:18 UTC (Mon) by bronson (subscriber, #4806)
> So Rails basically gives the whole world read/write access to your database by default, by design?
Absolutely not. And nowhere in the article did it say that.
> Wow, looks like the Rails developers are just among the biggest idiots the universe ever created
> or they are intentionally disseminating malicious software.
Maybe your tinfoil hat needs adjustment?
Posted Mar 27, 2012 13:18 UTC (Tue) by jwakely (subscriber, #60262)
Posted Mar 27, 2012 17:31 UTC (Tue) by bronson (subscriber, #4806)
> Rails basically gives the whole world read/write access to your database by default, by design.
If that were true, Rails sites would be getting pwned left and right.
I'd guess Model.new(params[:model]) isn't used in many production Rails sites. Not in any of the ones I've worked on anyway.