> > I guess the only solution really is to not use MySQL :/ > Although that's a good idea in general I would argue that the only solution really is for the rails YAML parser not to be so liberal with tainted strings. I won't go into why the entire ruby taint mechanism is lame but at least rails could adopt this gem https://github.com/dtao/safe_yaml
Yes mysql sucks and it's really easy for us postgres snobs to point and laugh at people who use mysql but by the same token other framework snobs can point and laugh at rails and say "this framework allows instantiation of objects from tainted strings and therefore should be avoided". The only real solution is for rails to treat tainted strings in a much more strict manner.

-- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group.
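As an added illustration of the point about object instantiation from untrusted strings (not part of the original message, and not Rails' own code): the sketch below uses `YAML.safe_load` from Ruby's standard library rather than the safe_yaml gem linked above. The `Widget` class name and all sample documents are constructed for the example.

```ruby
require "yaml"

# Outcome of parsing one untrusted document.
Result = Struct.new(:ok, :value, :reason)

# Parse YAML from an untrusted source. Only plain data (nil, booleans,
# numbers, strings, arrays, hashes) is accepted: the document cannot name
# a Ruby class to instantiate, create symbols, or use aliases.
def parse_untrusted_yaml(text)
  data = YAML.safe_load(text, permitted_classes: [], permitted_symbols: [], aliases: false)
  Result.new(true, data, nil)
rescue Psych::DisallowedClass => e
  Result.new(false, nil, "disallowed class: #{e.message}")
rescue Psych::BadAlias => e
  Result.new(false, nil, "alias rejected: #{e.message}")
rescue Psych::SyntaxError => e
  Result.new(false, nil, "syntax error: #{e.message}")
end

# Constructed sample inputs; Widget is a hypothetical class name.
SAMPLES = {
  plain:      "name: alice\nroles: [admin, dev]\n",
  object_tag: "--- !ruby/object:Widget\nname: x\n",
  symbol:     "role: :admin\n",
  alias:      "a: &x [1, 2]\nb: *x\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, doc|
    r = parse_untrusted_yaml(doc)
    puts "#{label}: #{r.ok ? "accepted #{r.value.inspect}" : "rejected (#{r.reason})"}"
  end
end
```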
