Gaspard Bucher wrote, on 09/24/2008 10:11 AM:
> On 23 Sept. 08 at 13:30, Lionel Bouton wrote:
>
>
>> Gaspard Bucher wrote, on 09/23/2008 12:36 PM:
>>
>>> I thought to use the taint/untaint mechanism included with Ruby to
>>> enhance security in zena. I have read that
>>> using taint is not that good for the following reasons:
>>>
>>> * It's not working on certain implementations of ruby (JRuby,
>>> IronRuby, ...)
>>> * It's a lot of work to make it work (lots of tiny taint management code
>>> everywhere)
>>>
>>> I think I will just abandon this "taint" idea and continue writing
>>> careful code and tests.
>>>
>>> What do you think?
>>>
>>>
>> safe_erb uses tainted? to make sure you properly sanitize the various
>> inputs of your application. You might want to look at it.
>>
> safe_erb is a nice idea, but it still means you have to untaint each
> time you do a sanity check like
> # \A and \z anchor the whole string; ^ and $ only match line boundaries in Ruby
> return parser_error("invalid name #{name.inspect}") unless name =~ /\A[a-zA-Z_]+\z/
> name.untaint # <<< line to add
>
Yes, nothing is free.
> ...
>
> You cannot remove these lines (with some kind of conditional
> compilation)
Compilation?
What you do is simply redefine your sanitizing method (that you should
already have by the way) to untaint in dev mode, no more no less.
safe_erb does it for html_escape, escape_once and strip_tags for example.
In production there's zero impact: your original sanitizing methods run
unmodified, and you don't even have to put safe_erb in vendor/plugins there.
This is how it works for us.
Lionel
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
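The arrangement Lionel describes (sanitizers that run unmodified in production, redefined to untaint in development, plus an output check that refuses tainted strings) as an added, self-contained example. This is not code from the thread, from zena or from safe_erb. Because Ruby 3.2 removed String#taint, the Taint module below is a hand-rolled stand-in flag on the string object (it does not propagate through concatenation the way the real taint bit did); Sanitizer, DevSanitizer, Renderer, app_stack and the render_* helpers are hypothetical names chosen for the example, and the request values are constructed inline.

```ruby
require "cgi"

# Stand-in for Ruby's removed taint bits (assumption: a flag on the object).
module Taint
  def self.taint(str)
    str.instance_variable_set(:@tainted, true)
    str
  end

  def self.untaint(str)
    str.instance_variable_set(:@tainted, false)
    str
  end

  def self.tainted?(str)
    str.instance_variable_get(:@tainted) == true
  end
end

# The sanitizing methods the application should already have. They know
# nothing about taint: this is exactly what runs in production.
class Sanitizer
  # \A and \z anchor the whole string; ^ and $ only anchor a line in Ruby,
  # so /^[a-zA-Z_]+$/ would accept "Fred\n<script>".
  NAME_RE = /\A[a-zA-Z_]+\z/

  def html_escape(str)
    CGI.escapeHTML(str.to_s)
  end

  def strip_tags(str)
    str.to_s.gsub(/<[^>]*>/, "")
  end

  # Sanity check in the style of the one quoted in the thread: reject, or
  # hand the now-trusted value back.
  def validate_name!(str)
    raise ArgumentError, "invalid name #{str.inspect}" unless str.is_a?(String) && str.match?(NAME_RE)
    str
  end
end

# Development-only redefinition: each sanitizer is wrapped so its result
# is untainted. Nothing else in the application has to know about taint.
class DevSanitizer < Sanitizer
  %i[html_escape strip_tags validate_name!].each do |name|
    define_method(name) { |str| Taint.untaint(super(str)) }
  end
end

# Stand-in for the safe_erb check: in dev mode refuse to emit anything that
# is still tainted; in production just join the fragments.
class Renderer
  class TaintedOutput < StandardError; end

  def initialize(check_taint:)
    @check_taint = check_taint
  end

  def render(*fragments)
    if @check_taint
      bad = fragments.find { |f| Taint.tainted?(f) }
      raise TaintedOutput, "unsanitized input reached the template: #{bad.inspect}" if bad
    end
    fragments.join
  end
end

# Pick the stack from the environment name (hypothetical helper).
def app_stack(env)
  dev = (env == "development")
  [dev ? DevSanitizer.new : Sanitizer.new, Renderer.new(check_taint: dev)]
end

# Correct path: every user value goes through a sanitizer before output.
def render_profile(env, raw_name, raw_bio)
  sanitizer, renderer = app_stack(env)
  name = sanitizer.validate_name!(raw_name)
  bio  = sanitizer.html_escape(raw_bio)
  renderer.render("<h1>", name, "</h1><p>", bio, "</p>")
end

# Buggy path: html_escape was forgotten. Dev mode raises; production
# renders the raw markup silently.
def render_bio_unescaped(env, raw_bio)
  _sanitizer, renderer = app_stack(env)
  renderer.render("<p>", raw_bio, "</p>")
end

# Constructed request value: parameters read from the wire arrive tainted.
def tainted_param(value)
  Taint.taint(String.new(value))
end

if __FILE__ == $PROGRAM_NAME
  puts render_profile("development", tainted_param("Fred_Bloggs"), tainted_param("<b>hi</b>"))
  begin
    render_bio_unescaped("development", tainted_param("<script>alert(1)</script>"))
  rescue Renderer::TaintedOutput => e
    puts "dev mode caught it: #{e.message}"
  end
  puts render_bio_unescaped("production", tainted_param("<script>alert(1)</script>"))
end
```

The point of the split is that Sanitizer and Renderer.new(check_taint: false) are the only things loaded in production, so the taint bookkeeping costs nothing there; the DevSanitizer subclass is the "redefine your sanitizing method to untaint in dev mode" step, and the check in Renderer plays the role safe_erb plays for ERB output.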