It takes a little more than being stupid to break things... Trust me :)
On Thu, Jan 10, 2013 at 11:02 AM, Venkatraman S <[email protected]> wrote:
> FYI:
>
> ---------- Forwarded message ----------
> From: Natarajan V <[email protected]>
> Date: Thu, Jan 10, 2013 at 10:49 AM
> Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces
> websites to close down
> To: ILUG-C <[email protected]>
>
>
> Hi,
>
> A major security vulnerability found in RoR has forced a government
> website to close down. The vulnerability exists in ALL versions of RoR
> unless you upgraded in the last two days.
>
> Some Links:
>
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
>
> http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
>
> https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
>
> As I was telling Karthick during my session, you can never assume that
> your code is secure just because you are using some framework. You
> should always do your homework, and whatever measures that the
> framework takes, can be broken by a very very stupid programmer :D
>
>
> --
> Natarajan
> _______________________________________________
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
> _______________________________________________
> BangPypers mailing list
> [email protected]
> http://mail.python.org/mailman/listinfo/bangpypers
>

--
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog: http://www.chintandave.com
