On 9 February 2011 10:47, siebert <[email protected]> wrote:
> Hi all,
>
> My team and I are finding ourselves a little in the dark about the
> "CSRF Protection Bypass in Ruby on Rails" vulnerability that was
> announced yesterday -
> http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
>
> What am I missing?
+1 I was looking at this last night and shaking my head trying to work out whether (from the description) this affects any of my sites, and if so, what to do to patch it. Fortunately, I have a penetration test scheduled in a couple of weeks for the app I'm working on at the moment, so I'll let those guys tell me if I'm at risk, and see if they can decipher the fix...

