HTTP parameters aren't integers or Date objects or ActiveRecords, but
Rails functional tests allow you to pass all of these things as
parameters to test requests. Tests should emulate real life, so I
wrote up a patch that verifies that all parameters you send in a
request for a functional test ar

The HTTP Digest authentication will raise an exception, and return a
500, if the client fails to include a nonce key/value in the
Authorization header value. Rather than raise an exception it should
simply return 401.
This also happens if the client specifies Basic authentication
credentials. A

> Out of curiosity, what is the reasoning behind not using the 'taint'
> mechanism built into Ruby? Is it because this is more of a white-list
> approach, whereas 'taint' is more of a black-list approach?
Exactly, plus the database drivers all differed as to whether or not
they tainted strings.