15 May '12, 12am

Ранок добрий :) В Mechanize 2.5.1 виправили критичний баг

Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to malicious servers and have been deprecated. In prior versions of mechanize only one set of HTTP authentication credentials were allowed for all connections. If a mechanize instance connected to more than one server then a malicious server detecting mechanize could ask for HTTP Basic authentication. This would expose the username and password intended only for one server. Mechanize#auth and Mechanize#basic_auth now warn when used. To fix the warning switch to Mechanize#add_auth which requires the URI the credentials are intended for, the username and the password. Optionally an HTTP authentication realm or NTLM domain may be provided.

Full article: http://mechanize.rubyforge.org/CHANGELOG_rdoc.html#label-...

Tweets

Mechanize 2.5

blog.segment7.net 09 May '12, 8pm

drbrain | Wed, 09 May 2012 20:48:00 GMT Posted in Software Documentation Source The Mechanize library is used for automati...

via twiterfee mechanize:

mechanize.rubyforge.org 25 May '12, 4am

library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redire...

多分ここら辺 Now Browsing: Documentation: Cyclone III...

altera.com 12 May '12, 3pm

I/O Interfaces, Protocols and Signal Integrity AN 447: Interfacing Cyclone III and Cyclone IV Devices with 3.3/3.0/2.5-V L...

Concerto Software for Critical Chain Project Ma...

defenseindustrydaily.com 14 May '12, 3am

In May 2012, Realization Technologies, Inc. in San Jose, CA received a $35.2 million firm-fixed-price contract to maintain...

JPMorgan's CIO expected to leave as pressure sets in after $2.5b loss

JPMorgan's CIO expected to leave as pressure se...

straitstimes.com 14 May '12, 8am

In this May 11, 2012 file photo, people stand in the lobby of JPMorgan Chase headquarters in New York. JPMorgan Chase is e...