[BangPypers] [X-POST] Fwd: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down
Venkatraman S
venkat83 at gmail.com
Thu Jan 10 06:32:12 CET 2013
FYI:
---------- Forwarded message ----------
From: Natarajan V <rajanvn at gmail.com>
Date: Thu, Jan 10, 2013 at 10:49 AM
Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces
websites to close down
To: ILUG-C <ilugc at ae.iitm.ac.in>
Hi,
A major security vulnerability found in RoR has forced a government
website to close down. The vulnerability exists in ALL versions of RoR
unless you upgraded in the last two days.
Some Links:
http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
As I was telling Karthick during my session, you can never assume that
your code is secure just because you are using some framework. You
should always do your home work, and whatever measures that the
framework takes, can be broken by a very very stupid programmer :D
--
Natarajan
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
More information about the BangPypers
mailing list