From what I’ve seen after quickly browsing through the sitealizer
(http://sitealizer.rubyforge.org/) source, it’ll make the whole
application vulnerable to SQL-injection attacks. All HTTP params are
passed directly into SQL calls without quoting.
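An added illustration of the pattern the post describes, not sitealizer's own code: request params interpolated into an INSERT, next to two hardened forms (placeholder binds, and quoting where binds are unavailable). The table and column names, and the constructed request, are assumptions for the example.

```ruby
# Constructed request params: a visitor-controlled Referer that merely
# contains an apostrophe (no exploit payload needed to show the problem).
SAMPLE_PARAMS = {
  'path'    => '/index',
  'referer' => "http://example.com/?q=it's"
}.freeze

# Vulnerable pattern from the post: HTTP params dropped straight into the
# SQL text. The apostrophe ends the string literal early, so input changes
# the statement's structure instead of staying a value.
def hit_insert_unsafe(params)
  "INSERT INTO hits (path, referer) " \
    "VALUES ('#{params['path']}', '#{params['referer']}')"
end

# Hardened form 1: fixed SQL with placeholders; values travel separately as
# bind parameters (the array-condition shape ActiveRecord accepts, or what a
# DB driver binds itself). Input can never become SQL syntax.
def hit_insert_bound(params)
  sql = 'INSERT INTO hits (path, referer) VALUES (?, ?)'
  [sql, [params['path'].to_s, params['referer'].to_s]]
end

# Hardened form 2: explicit quoting when binds are not available. Doubling
# single quotes is the SQL-standard escape; prefer the driver's own quote
# method in real code (MySQL, for example, also treats backslashes specially).
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

def hit_insert_quoted(params)
  "INSERT INTO hits (path, referer) " \
    "VALUES (#{quote_literal(params['path'])}, #{quote_literal(params['referer'])})"
end

# Cheap reviewer check for generated SQL: string literals open and close in
# pairs, so an odd number of single quotes means input broke the structure.
def quotes_balanced?(sql)
  sql.count("'").even?
end
```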