Comments on: Multiple annoyances with Rails (more than one security issue) http://www.peterkrantz.com/2006/rails-security-issues/ A blog about technology, visualization, music and unmanned vehicle experiments Tue, 06 Jan 2009 21:52:37 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Benjamin http://www.peterkrantz.com/2006/rails-security-issues/comment-page-1/#comment-147 Benjamin Wed, 16 Aug 2006 06:54:44 +0000 http://www.peterkrantz.com/2006/rails-security-issues/#comment-147 I have also used a visual creator for such a thing. But just because you use a visual database modeler, doesn't mean someone couldn't somehow slip something into the right directory using a long-lined script, and then execute that. I'm glad things got handled timely. It goes to show how young rails truly is still and how we must be cautious when and where we use it without setting up the right alarms, and by alarms, I mean the equivalent of the concept of checksums in ASM. Checking to make sure everything is operating even when we're not around... - ben @ http://rubyonrailsblog.com I have also used a visual creator for such a thing. But just because you use a visual database modeler, doesn’t mean someone couldn’t somehow slip something into the right directory using a long-lined script, and then execute that. I’m glad things got handled timely. It goes to show how young rails truly is still and how we must be cautious when and where we use it without setting up the right alarms, and by alarms, I mean the equivalent of the concept of checksums in ASM. Checking to make sure everything is operating even when we’re not around…

- ben @ http://rubyonrailsblog.com

]]> By: evan http://www.peterkrantz.com/2006/rails-security-issues/comment-page-1/#comment-126 evan Thu, 10 Aug 2006 17:58:43 +0000 http://www.peterkrantz.com/2006/rails-security-issues/#comment-126 Ohhhhhh.... I had clues that there was an issue like that, but I use a pure SQL schema in all my apps because I use a visual database modeler instead of migrations, so it never occurred to me that there would be such a "bomb" laying around on people's systems. Ohhhhhh…. I had clues that there was an issue like that, but I use a pure SQL schema in all my apps because I use a visual database modeler instead of migrations, so it never occurred to me that there would be such a “bomb” laying around on people’s systems.

]]> By: Chris Carter http://www.peterkrantz.com/2006/rails-security-issues/comment-page-1/#comment-123 Chris Carter Thu, 10 Aug 2006 15:22:51 +0000 http://www.peterkrantz.com/2006/rails-security-issues/#comment-123 The scary part is that it can run your schema.rb file, which will drop all your tables and re create them. The scary part is that it can run your schema.rb file, which will drop all your tables and re create them.

]]>