One of my apps uses will_paginate and I received several exception notifications overnight that indicate someone tried a SQL injection attack against the app using the :page parameter. How should I handle this?
The route they tried:

...events/upcoming?page=convert%28int%2Cdb_name%28%29%29%20and%201%3D1

The resulting error:

A WillPaginate::InvalidPage occurred in events#upcoming: "convert(int,db_name()) and 1=1" given as value, which translates to '0' as page number
/var/www/rails/apollo_production/shared/bundle/ruby/1.8/gems/will_paginate-2.3.16/lib/will_paginate/collection.rb:27:in `validate'

Disregarding the general irritation this creates (how dare someone try to SQL inject my app!), what's the right way to detect and handle this?

Cheers,
Chris

--
SD Ruby mailing list
http://groups.google.com/group/sdruby
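One defensive pattern, as an added example (not code from the original post or from will_paginate itself): validate the page parameter before it reaches the paginator, so a probe like the one above is answered with a 400 and a log line instead of an exception email. The MAX_PAGE bound, the log format and the status codes are assumptions; in a Rails controller this would run from a before_filter, with a rescue_from WillPaginate::InvalidPage as a backstop.

```ruby
require 'cgi'

# Validate a `page` query parameter before it reaches will_paginate.
# will_paginate calls to_i on the value, so "convert(int,db_name()) and 1=1"
# becomes 0 and raises WillPaginate::InvalidPage; rejecting non-integers up
# front turns the noisy exception into a quiet 400 and a log line.
module PageParam
  MAX_PAGE = 10_000 # assumed upper bound; tune to the app's data size

  # Returns [status, page] where status is :ok, :missing, :invalid or :out_of_range.
  def self.validate(raw)
    return [:missing, 1] if raw.nil? || raw.to_s.strip.empty?
    str = raw.to_s.strip
    # Only a positive decimal integer of sane length is acceptable.
    return [:invalid, nil] unless str =~ /\A[1-9][0-9]{0,6}\z/
    page = str.to_i
    return [:out_of_range, nil] if page > MAX_PAGE
    [:ok, page]
  end

  # Decide how a controller should respond to a given raw value.
  # Non-numeric input is almost always a scanner probe, not a user typo,
  # so answer 400 without rendering and record the raw value for review.
  def self.handle(raw, remote_ip = '0.0.0.0', log = [])
    status, page = validate(raw)
    case status
    when :ok, :missing
      [200, page]
    when :invalid
      log << "rejected page param #{raw.inspect} from #{remote_ip}"
      [400, nil]
    when :out_of_range
      [404, nil]
    end
  end
end

# Constructed sample: the decoded value from the request quoted in the post.
PROBE = CGI.unescape('convert%28int%2Cdb_name%28%29%29%20and%201%3D1')

if __FILE__ == $0
  log = []
  p PageParam.handle('3')                        # => [200, 3]
  p PageParam.handle(PROBE, '203.0.113.5', log)  # => [400, nil]
  puts log
end
```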
