04 Jan '13, 12pm

Securing the Rails session secret: In light of yesterday's Rails SQL injection vulnerability, this article discu...

Securing the Rails session secret Posted by FooBarWidget on January 04, 2013 — 0 comments In light of yesterday's Rails SQL injection vulnerability, this article discusses how the Rails session secret can be secured in a better manner Comments “ ” Post a Comment Comment abilities for non registered users are currently deactivated, pending time to add a proper CAPTCHA to solve the escalating spam problem. Sorry!

Full article: http://www.rubyflow.com/items/8715-securing-the-rails-ses...

Tweets

So, this: why can :secret be a proc, and what i...

api.rubyonrails.org 05 Jan '13, 1pm

This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both...

If you develop w/ Ruby on Rails, there's a SQL ...

blog.phusion.nl 04 Jan '13, 1pm

So to inject arbitrary SQL, you need to tamper with the cookie, which requires the HMAC key. The HMAC key is the so-called...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...

Ruby on Rails SQL Injection Flaw a Non-Issue for Most Organizations #ccureit

Ruby on Rails SQL Injection Flaw a Non-Issue fo...

securityweek.com 04 Jan '13, 12pm

“The Ruby on Rails SQL injection flaw highlighted in CVE-2012-5664 is a non-issue for most organizations and application d...

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

Rails SQL injection vulnerability: hold your ho...

rubyflow.com 03 Jan '13, 11am

Rails SQL injection vulnerability: hold your horses, here are the facts Posted by FooBarWidget on January 03, 2013 — 0 com...

Ruby on Rails 3.2.10 Released to Address SQL In...

news.softpedia.com 03 Jan '13, 12pm

Ruby on Rails 3.2.10, 3.1.9, and 3.0.18 have been released to address an SQL Injection vulnerability in Active Record that...

SQL Injection Vulnerability in several versions...

rubyflow.com 02 Jan '13, 11pm

SQL Injection Vulnerability in several versions of Rails! Posted by bcardarella on January 02, 2013 — 0 comments Fixes alr...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

Ruby on Rails SQL injection issue

Ruby on Rails SQL injection issue

lwn.net 03 Jan '13, 1am

Ruby on Rails SQL injection issue [Posted January 3, 2013 by corbet] Ruby on Rails SQL injection issue [Security] Posted J...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...