GitHub incidents spawns Rails security debate
Posted Mar 26, 2012 20:18 UTC (Mon) by bronson (subscriber, #4806)
> So Rails basically gives the whole world read/write access to your database by default, by design?
Absolutely not. And nowhere in the article did it say that.
> Wow, looks like the Rails developers are just among the biggest idiots the universe ever created
> or they are intentionally disseminating malicious software.
Maybe your tinfoil hat needs adjustment?
Posted Mar 27, 2012 13:18 UTC (Tue) by jwakely (guest, #60262)
Posted Mar 27, 2012 17:31 UTC (Tue) by bronson (subscriber, #4806)
> Rails basically gives the whole world read/write access to your database by default, by design.
If that were true, Rails sites would be getting pwned left and right.
I'd guess Model.new(params[:model]) isn't used in many production Rails sites. Not in any of the ones I've worked on anyway.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds