The last Rails SQLI vulnerability was mitigated by the way ActionPack parsed request parameters, so lots of people dove into that code to see if the mitigation could be evaded with JSON or XML. That gave people an incentive to review the Rails XML parser wrapper class. The problem with that class is pretty obvious.