I will update the article with what you said here.
On Thursday, January 3, 2013 7:21:45 PM UTC+1, Michael Koziarski wrote:
On Friday, 4 January 2013 at 2:16 AM, Hongli Lai wrote:
This article explains how the vulnerability works, how it is triggered and
what the facts are:
http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
On Wednesday, January 2, 2013 10:28:36 PM UTC+1, Aaron Patterson wrote:
Rails versions
On Friday, 4 January 2013 at 2:16 AM, Hongli Lai wrote:
This article explains how the vulnerability works, how it is triggered and
what the facts are:
http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
Please don't give people
There's a really big difference between these two potential scenarios:
(a) every single Rails app I've ever written that uses
find_by_*(params[*]) is immediately and completely compromised by anyone in
the world with a simple well-crafted URL
-and-
(b) every single Rails app I've ever
Thank you, Aaron, for your work on Rails!
On 03/01/2013, at 8:35, Aaron Patterson tenderl...@ruby-lang.org wrote:
On Wed, Jan 02, 2013 at 01:28:36PM -0800, Aaron Patterson wrote:
Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases
contain an important