[Rails-core] Re: Executing Multiple SQL Statements for MySQL Adapter

2009-02-19 Thread Jonathan Weiss
anyway when receiving > data from the client), you'd avoid this, no? Paranoid configurations are exactly the thing you want from a security standpoint. Defense in depth is very important. Is it not that the DB admin does not trust his devs but that they are not perfect and make

[Rails-core] Re: Executing Multiple SQL Statements for MySQL Adapter

2009-02-18 Thread Jonathan Weiss
one of the few cases where MySQL actually behaves more securely than PostgreSQL&co. Jonathan -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "

[Rails-core] Re: Patch review request: add index length support (#1852)

2009-02-02 Thread Jonathan Weiss
ects/8994/tickets/734-add-support-for-index-length-in-mysql-adapter-and-schema-dumper#ticket-734-2 Jonathan -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss

[Rails-core] Re: listing of Rails contributors

2008-10-30 Thread Jonathan Weiss
jweiss => Jonathan Weiss -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss

[Rails-core] Re: Before 2.2 RC1 is pushed

2008-10-07 Thread Jonathan Weiss
ex length in MySQL adapter and schema dumper: http://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/734 -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss

[Rails-core] Re: ActiveRecord::AttributeMethods #respond_to?

2008-09-04 Thread Jonathan Weiss
version raise 'private' end end class VersionedProduct < Product def version attributes[:version] end end You could do the same for the setter or even write your attr_private method that will generate the getters/setters. But again, I see no point in doing so. Jo

[Rails-core] Re: ActiveRecord::AttributeMethods #respond_to?

2008-09-02 Thread Jonathan Weiss
> raise a NoMethodError." Hu? Foo.new *has* a bar method. It just doesn't allow you to set it in mass-assignment. Jonathan -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss

[Rails-core] Security Problem in ActiveRecord

2008-05-28 Thread Jonathan Weiss
Cheers, There is a major security problem in ActiveRecord. I'm in the process of writing the tests and the fix. This should definitely go into 2.1 and be backported to 2.0. I'm not sure I should post the exact problem here. Could somebody from the core team contact me? Jonathan --

[Rails-core] Re: Sanitizers: How to enforce valid markup?

2008-05-10 Thread Jonathan Weiss
d markup. Jonathan -- Jonathan Weiss http://blog.innerewut.de http://twitter.com/jweiss

[Rails-core] ActiveSupport::Cache :mem_cache_store options

2008-04-16 Thread Jonathan Weiss
, "localhost" ActiveSupport::Cache.lookup_store :mem_cache_store, "localhost", '192.168.1.1', :namespace => 'foo' or config.action_controller.fragment_cache_store = :mem_cache_store, 'localhost', {:debug => true, :namespace =>'foo'

[Rails-core] Re: tztime plugin resaving bug w/ fix

2007-11-26 Thread Jonathan Weiss
Tim Lucas wrote: > Not sure what Jamis is up to, but just in case this fell off the radar: > http://dev.rubyonrails.org/ticket/10058 I already gave it a '+1', anybody else care to review? Jonathan -- Jonathan Weiss http://b

[Rails-core] Re: #8049: Improve PostgreSQL adapter compatibility, feature set, and performance

2007-08-13 Thread Jonathan Weiss
Tarmo Tänav wrote: > > Could you add the +1 to trac? (and a verified keyword with it) > done Jonathan -- Jonathan Weiss http://blog.innerewut.de

[Rails-core] Re: #8049: Improve PostgreSQL adapter compatibility, feature set, and performance

2007-08-13 Thread Jonathan Weiss
on hasn't been used in >> some time, and I don't feel particularly qualified to pass judgement >> on this patch > > *bump* > > tarmo's given it a +1 over at the Trac site. Any other takers? > Let me know if anything needs any further adjustment too and I'

[Rails-core] Re: Localization of Rails core

2007-05-23 Thread Jonathan Weiss
ons for no new functionality doesn't seem like a good trade :) It would make the life of all non-English developers a lot easier as swapping the hard coded strings becomes very easy and does not include copy&pasting functionality or fiddling rails' internals. In case of the ave

[Rails-core] Re: Please review #8049 (PostgreSQL support)

2007-05-14 Thread Jonathan Weiss
> It has been open for 2 > months but no sign of being reviewed or accepted. > Yeah, can somebody please commit this. Without it using PostgreSQL 8.2 is really painful. Jonathan -- Jonathan Weiss http://blog.innerewut.de

[Rails-core] Re: Replay attacks with cookie session

2007-03-27 Thread Jonathan Weiss
> I believe that CookieStore should be either (1) secure against replay > attacks by default, or (2) not the default session store. Anything > else is asking too much of non-security-aware developers. + 1 Jonathan -- Jonathan Weiss http://blog.inn

[Rails-core] Merge r5718 to 1.2 ?

2007-01-11 Thread Jonathan Weiss
HTML attributes. Without this changeset single quotes are escaped while traversing the DOM tree with HTML::Node but the escaping is left there so that a second traversal incorrectly closes the quotes on the single quotes inside the attributes. Regards, Jonathan Weiss -- Jonathan Weiss http