Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
There is a very useful method in Net::HTTP library that gives ability to debug HTTP requests.
Here is what documentation says about that:
set_debug_output(output)WARNING This method causes serious security hole. Never use this method in production code.
Set an output stream for debugging.
http://ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html#M001371
What security hole is mentioned here?
Looking at the code, there is no other security hole, except for the fact that everything in the HTTP protocol is passed to the stream you provide. If you don’t take care and the output is put somewhere you don’t suspect it, this could expose the internal workings of you application.
IMHO, the statement in the documentation is pretty hard and doesn’t provide a good explanation regarding the security hole. I think the comment should read something along the lines of:
Long story short: there is no “hidden” security hole.