Chris Shiflett ▪ Hacking Rails (and GitHub)

Chris Shiflett writes a clear recap of the GitHub SSH key exploit. A little scary that Rails doesn’t make form field checking easy.

For those of you more familiar with PHP, imagine a feature like register_globals, but instead of injecting arbitrary form data into the global namespace, it injects arbitrary form data into the database. It might as well be called opt-in SQL injection, but even that’s being too generous, because this is much easier to exploit than an SQL injection vulnerability.

Chris Shiflett ▪ Hacking Rails (and GitHub).

http://shiflett.org/blog/2012/mar/hacking-rails-and-github
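
The behaviour the quoted passage describes, as an added plain-Ruby sketch (not code from Shiflett's article, Rails or GitHub). The `PublicKey` class, its fields and the sample request are hypothetical; the sketch contrasts copying every submitted form field into a record with an allow-list of the fields the form is meant to edit.

```ruby
# Constructed stand-in for a database-backed record; not Rails or GitHub code.
class PublicKey
  COLUMNS = %i[title key user_id].freeze
  attr_accessor(*COLUMNS)

  def initialize(attrs = {})
    assign(attrs)
  end

  # Writes every submitted field that matches a column, with no filtering.
  def assign(attrs)
    attrs.each do |name, value|
      name = name.to_sym
      public_send("#{name}=", value) if COLUMNS.include?(name)
    end
    self
  end
end

# Fields the edit form actually exposes (assumption for this example).
EDITABLE = %w[title key].freeze

# Splits a request into allowed fields and unexpected ones worth logging.
def split_params(params)
  params.partition { |name, _| EDITABLE.include?(name.to_s) }.map(&:to_h)
end

# Weak form: the raw request goes straight into the record.
def update_unfiltered(record, params)
  record.assign(params)
end

# Hardened form: only allow-listed fields are assigned; the rest are reported.
def update_filtered(record, params)
  allowed, rejected = split_params(params)
  [record.assign(allowed), rejected.keys]
end

# Constructed request: the form shows title and key; user_id is an extra field.
SAMPLE_PARAMS = { "title" => "laptop", "key" => "ssh-rsa AAAA(constructed)",
                  "user_id" => 42 }.freeze

if __FILE__ == $PROGRAM_NAME
  weak = update_unfiltered(PublicKey.new(user_id: 7), SAMPLE_PARAMS)
  safe, rejected = update_filtered(PublicKey.new(user_id: 7), SAMPLE_PARAMS)
  puts "unfiltered owner: #{weak.user_id}"
  puts "filtered owner:   #{safe.user_id} (rejected: #{rejected.join(', ')})"
end
```

The rejected field list is what a defender would log or alert on: a submitted field the form never rendered.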

About ejk

Software Developer, Library Geek, Dad, Sports Fan, Gamer

Posted on March 13, 2012, in Geekery, Rhymes with Toaster.

  1. It’s actually a nice and useful piece of information. I am satisfied that you just shared this useful info with us. Please keep us informed like this. Thanks for sharing.
