On Thu, Jan 10, 2013 at 10:49 AM, Natarajan V <raja...@gmail.com> wrote:
> Hi,
>
> A major security vulnerability found in RoR has forced a government
> website to close down. The vulnerability exists in ALL versions of RoR
> unless you upgraded in the last two days.
>
> Some Links:
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
> http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
> https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
>
> As I was telling Karthick during my session, you can never assume that
> your code is secure just because you are using some framework. You
> should always do your homework, and whatever measures that the
> framework takes, can be broken by a very very stupid programmer :D
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Thanks for the heads up.

I did cursorily look at the referred links and did not come across any
mention about the flaw being attributed to "stupid programming".

If a bug is a way to judge our programming abilities, then all of us
are "very very stupid programmers"

-- Arun Khan
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc