Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tptacek
on Jan 3, 2013
|
parent
|
context
|
favorite
| on:
SQL Injection Vulnerability in Ruby on Rails; affe...
It is possible, but not straightforwardly. There isn't a code path I know of that converts param keys to symbols.
(I wouldn't have said it was possible unless I had a curl line that did it, for what it's worth.)
cheald
on Jan 3, 2013
[–]
You're the expert here, but that's really disturbing. Is it fixable?
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
(I wouldn't have said it was possible unless I had a curl line that did it, for what it's worth.)