FYI:

---------- Forwarded message ----------
From: Natarajan V <[email protected]>
Date: Thu, Jan 10, 2013 at 10:49 AM
Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down
To: ILUG-C <[email protected]>

Hi,

A major security vulnerability found in RoR has forced a government website to close down. The vulnerability exists in ALL versions of RoR unless you upgraded in the last two days.

Some Links:

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ

As I was telling Karthick during my session, you can never assume that your code is secure just because you are using some framework. You should always do your homework, and whatever measures the framework takes can be broken by a very, very stupid programmer :D

--
Natarajan
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
_______________________________________________
BangPypers mailing list
[email protected]
http://mail.python.org/mailman/listinfo/bangpypers
