[BangPypers] [X-POST] Fwd: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down

Chintan Dave davechintan at gmail.com
Thu Jan 10 06:51:45 CET 2013


It takes a little more than being stupid to break things... Trust me :)


On Thu, Jan 10, 2013 at 11:02 AM, Venkatraman S <venkat83 at gmail.com> wrote:

> FYI:
>
> ---------- Forwarded message ----------
> From: Natarajan V <rajanvn at gmail.com>
> Date: Thu, Jan 10, 2013 at 10:49 AM
> Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces
> websites to close down
> To: ILUG-C <ilugc at ae.iitm.ac.in>
>
>
> Hi,
>
> A major security vulnerability found in RoR has forced a government
> website to close down. The vulnerability exists in ALL versions of RoR
> unless you upgraded in the last two days.
>
> Some Links:
>
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
>
> http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
>
> https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
>
> As I was telling Karthick during my session, you can never assume that
> your code is secure just because you are using some framework. You
> should always do your homework, and whatever measures the
> framework takes can be broken by a very very stupid programmer :D
>
>
> --
> Natarajan
>



-- 
Regards,
Chintan Dave,

LinkedIn: http://in.linkedin.com/in/chintandave
Blog: http://www.chintandave.com

