On Tue, Aug 17, 2010 at 11:32, Kaspir Ghost <li...@ruby-forum.com> wrote:
> I am the only user on the site. Does either option still present a
> threat for me?

If you allow people to comment, then their comments must likewise be sanitized. If you do not, then that is an indirect hazard to you -- allowing common attack vectors like XSS vulnerabilities to go unaddressed is hazardous to your professional reputation. :-)

IOW, don't just do it because of any direct immediate threat to you. Do it because it's The Right Thing To Do.

-Dave

--
Specialization is for insects. -RAH | Have Pun, Will Babble! -me
Programming Blog: http://codosaur.us | Work: http://davearonson.com
Leadership Blog: http://dare2xl.com | Play: http://davearonson.net
* * * * * WATCH THIS SPACE * * * * * | Ruby: http://mars.groupsite.com