Hi, A major security vulnerability found in RoR has forced a government website to close down. The vulnerability exists in ALL versions of RoR unless you upgraded in the last two days.
Some Links: http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/ http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ As I was telling Karthick during my session, you can never assume that your code is secure just because you are using some framework. You should always do your home work, and whatever measures that the framework takes, can be broken by a very very stupid programmer :D -- Natarajan _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
