11 Feb '13, 7pm

Ruby on Rails vulnerable to mass assignment and SQL injection

How do you guys who are freelancers or perhaps you work for a company and are the only guy working on a particular app handle security stuff like this? A lot of what I hear is "drop what you are doing and patch this right now!". But of course there are many reasons why this might not be possible. For example you might be on a 15 hour flight with no internet, you might be dealing with some family crisis, you might be in the middle of a coke and sex binge with identical twins who look like Scarlett Johansson or whatever. Do you live glued to your smartphone in constant fear of 0 days? Do you make sure there is some third party available to deal with this stuff? Do you design with the possibility of having your app/site owned as a likely event? And how do you make your client/employer aware of the implications of stuff like this?

Full article: http://news.ycombinator.com/item?id=5202489

Ruby on Rails vulnerable to mass assignment and SQL injection

zweitag.de 11 Feb '13, 6pm

Ruby on Rails vulnerable to mass assignment and SQL injection During the last weeks Ruby on Rails has been hit by several ...

Ruby on Rails vulnerable to mass assignment and...

reddit.com 11 Feb '13, 7pm

I'm pretty sure you don't have to either. True, and I don't, thank FSM. But my complaint wasn't that he has no point, rath...

Avoiding SQL Injection in Rails

rubyflow.com 11 Feb '13, 11pm

Avoiding SQL Injection in Rails Posted by presidentbeef on February 11, 2013 — 0 comments I promise this is not related to...

iStaff: Ruby on Rails Developer - Competitive: ...

jobs.telegraph.co.uk 11 Feb '13, 5am

iStaff This is an excellent opportunity to join an exciting company that is growing and working with the latest and greate...

Ruby on Rails: Updates close critical security vulnerabilities

golem.de 12 Feb '13, 11am

The Ruby on Rails team has released updates 3.2.12, 3.1.11 and 2.3.17 for two critical security vulnerabilities in ...

Ruby on Rails web site

1001freelanceprojects.com 09 Feb '13, 5pm

Request for Quote The Challenge Build the minimally viable database (e.g., MySQL, MS SQL, or NoSQL) and stack (e.g., PHP, ...

#eugenedevjobs Ruby on Rails Developer (Eugene,...

eugene.craigslist.org 11 Feb '13, 1am

TEKsystems is looking for a Sr. Software Engineer with full stack Ruby on Rails experience. The Sr. Software Engineer's pr...

2 Ruby on Rails Developers - OOP / MySQL / Ruby...

careerjet.co.uk 10 Feb '13, 10pm

2 Ruby on Rails Developers - OOP / MySQL / Ruby / JavaScript - £50K - SE London. If you are a passionate Ruby on Rails Develop...

#posao #kragujevac Ruby on Rails developer at Softserbia doo / IT Poslovi

itposlovi.info 09 Feb '13, 4pm

SoftSerbia d.o.o. is announcing openings for the following positions: Ruby on Rails developer Required skills and qualifications: Ruby p...

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...

New Job Alert: Ruby/Rails Developer at Cafepres...

simplyhired.com 09 Feb '13, 7pm

Requirements/Qualifications: 2 Years experience with Ruby and/or Rails 2 Years experience with other languages (.Net, Java...