FYI: ---------- Forwarded message ---------- From: Natarajan V <raja...@gmail.com> Date: Thu, Jan 10, 2013 at 10:49 AM Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down To: ILUG-C <il...@ae.iitm.ac.in>
Hi, A major security vulnerability found in RoR has forced a government website to close down. The vulnerability exists in ALL versions of RoR unless you upgraded in the last two days. Some Links: http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/ http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ As I was telling Karthick during my session, you can never assume that your code is secure just because you are using some framework. You should always do your home work, and whatever measures that the framework takes, can be broken by a very very stupid programmer :D -- Natarajan _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.