[X-POST] Fwd: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down
FYI:
---------- Forwarded message ----------
From: Natarajan V <rajanvn@gmail.com>
Date: Thu, Jan 10, 2013 at 10:49 AM
Subject: [Ilugc] SQL Injection vulnerability in Ruby on Rails forces websites to close down
To: ILUG-C <ilugc@ae.iitm.ac.in>
Hi,
A major security vulnerability found in RoR has forced a government
website to close down. The vulnerability exists in ALL versions of RoR
unless you upgraded in the last two days.
Some Links:
http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
http://it.slashdot.org/story/13/01/09/1557235/ruby-on-rails-sql-injection-flaw-has-serious-real-life-consequences
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
As I was telling Karthick during my session, you can never assume that
your code is secure just because you are using some framework. You
should always do your homework, and whatever measures the
framework takes can be broken by a very, very stupid programmer :D
--
Natarajan
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.