Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
What vulnerabilities are possible in ruby with $SAFE = 4? Right off the bat I know that XSRF is possible because the attack has nothing to do with “tainted variables” but rather where http request originates from. I know that using weak cryptographic algorithms like md5() won’t be picked up. Do you know of any others? Code examples are much appreciated!
There’s an almost limitless array of vulnerabilities possible with $SAFE=4. Nothing can protect you from all the arbitrary bad things you can do it code. For example, you can do all sorts of dumb things with sensitive data in a database if you’re not careful no matter what the $SAFE mode — for Web apps, this should actually be a much bigger concern than the things $SAFE helps you with. $SAFE essentially protects you from one common thing you might do wrong while leaving all the others open. See last year’s winner of the Underhanded C Contest: