That URL is from our log files; I masked our domain name (see below). We are getting calls with very long parameters every couple of minutes, and since they are all from Windows NT machines, I suspect it's a virus that the user might not even be aware of. Anyway, whether it's a virus or a deliberate attempt to crack our systems, I would like to guard our parameters, so only appropriate size and content is passed in.
http://www.ourdomain.com/4/pick-up-your-toys?code=+%0d%0ahttp%3a%2f%2fwarn1207.hostevo.com%2fhome-rentals-in-brunswick.html+home+rentals+in+cape+cod+%0d%0ahttp%3a%2f%2fpetr3549.yourfreehosting.net%2fbaked-scrod-recipes.html+baked+spasagna+recipe+%0d%0ahttp%3a%2f

Maurício Linhares wrote:
> I can't really understand what you're trying to do here.
>
> What is this URL? Where is it being used to be dangerous? Is it in
> activerecord code?
>
> If it is and you're following the best practices (using placeholders
> to your conditions), this isn't a problem (as Frederick has already
> explained).
>
> -
> Maurício Linhares
> http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
> (en)
>
> On Sun, Dec 21, 2008 at 12:00 AM, Ben Knight
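
One way to apply the size and content guard asked about above, as an added example that is not part of the original thread. It assumes `code` should be a short token of letters, digits, `-` or `_`; the names `check_code` and `check_query`, the 32-character limit and the sample query strings are constructed for illustration.

```ruby
require "uri"

# Assumption: a legitimate `code` value is a short token of letters, digits,
# "-" or "_". Adjust the pattern and limit to what the application issues.
CODE_MAX_LEN = 32
# \A and \z anchor the whole string. Ruby's ^ and $ match at every line
# boundary, so a value carrying %0d%0a could slip past them.
CODE_PATTERN = /\A[A-Za-z0-9_-]+\z/

# Returns :ok, or a symbol naming why the decoded value is rejected.
def check_code(value)
  return :missing   if value.nil? || value.empty?
  return :too_long  if value.length > CODE_MAX_LEN
  return :bad_chars unless CODE_PATTERN.match?(value)
  :ok
end

# Decodes a raw query string (as it appears in the access log) and checks
# the `code` parameter. A repeated parameter is rejected outright.
def check_query(query)
  pairs = URI.decode_www_form(query)
  codes = pairs.select { |key, _| key == "code" }.map(&:last)
  return :duplicated if codes.size > 1
  check_code(codes.first)
rescue ArgumentError
  :malformed # e.g. raw non-ASCII bytes in the query string
end

# Constructed sample queries, shaped like the logged request above.
SAMPLES = [
  "code=AB12-cd_9",
  "code=abc%0a",
  "code=+%0d%0ahttp%3a%2f%2fspam.example%2fpage.html+some+words+%0d%0ahttp%3a%2f",
  "code=a&code=b",
  "page=2"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |q| puts "#{check_query(q).to_s.ljust(10)} #{q[0, 60]}" }
end
```

In a Rails controller the same check can run in a filter before the action and answer anything other than `:ok` with a 400, so oversized or multi-line values never reach the rest of the application.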

