https://groups.google.com/forum/#!topic/rubyonrails-core/hvfx2MOLnoU - This looks good but there have been instances where some issue or the other vulnerabilities have made their way through SafeBuffer, if I remember correctly. This again could be due to the way the app developer writes the code.
So, Christoph's approach is of course better, quite detailed and well thought-out. I just feel that it expects some work from the app developers which could make it difficult to adopt. Just my two cents.

Anuj

On 28 November 2011 20:16, Ilya Grigorik <[email protected]> wrote:
> Hmm, brakeman looks interesting. Having said that, static analysis is a
> nice security blanket, but it would still be nice to have an enforceable
> runtime policy that Christoph is alluding to.
>
> This seems to be related also:
> https://groups.google.com/forum/#!topic/rubyonrails-core/hvfx2MOLnoU -
> Christoph, any thoughts?
>
> ig
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/rubyonrails-core/-/Xiw70fs5eo0J.
>
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>

--
Anuj DUTTA
