Tim Lucas
2007-May-22 15:46 UTC
Tick #8432: Exception notification plugin and parameters with sensitive info
As does seem to be the custom these days...

http://dev.rubyonrails.org/ticket/8432

From the ticket page:

> The exception notification plugin doesn't respect filtered
> parameters and, as a result, emails can be sent out that contain
> some interesting data (*cough* credit card numbers *cough*).
>
> Attached is a patch (with tests) that uses the controller's param
> filtering to make sure emails don't contain any surprises.

This fixes a potential security problem for anybody using the ExceptionNotification plugin and processing sensitive information.

-- tim

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---
Michael Koziarski
2007-May-24 07:05 UTC
Re: Tick #8432: Exception notification plugin and parameters with sensitive info
This is jamis' baby and he's on holiday till the weekend. Looks good to me though, so he'll no doubt apply when he's back

On 5/23/07, Tim Lucas <t.lucas@toolmantim.com> wrote:
>
> As does seem to be the custom these days...
>
> http://dev.rubyonrails.org/ticket/8432
>
> From the ticket page:
>
> > The exception notification plugin doesn't respect filtered
> > parameters and, as a result, emails can be sent out that contain
> > some interesting data (*cough* credit card numbers *cough*).
> >
> > Attached is a patch (with tests) that uses the controller's param
> > filtering to make sure emails don't contain any surprises.
>
> This fixes a potential security problem for anybody using the
> ExceptionNotification plugin and processing sensitive information.
>
> -- tim

--
Cheers

Koz
Tim Lucas
2007-May-24 07:27 UTC
Re: Tick #8432: Exception notification plugin and parameters with sensitive info
On 24/05/2007, at 5:05 PM, Michael Koziarski wrote:
>> On 5/23/07, Tim Lucas <t.lucas@toolmantim.com> wrote:
>>>
>>> http://dev.rubyonrails.org/ticket/8432
>
> This is jamis' baby and he's on holiday till the weekend. Looks good
> to me though, so he'll no doubt apply when he's back

No problemo--I figured he wouldn't be hanging out on the Rails trac during his vacation :)

-- tim
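
The failure mode discussed in this thread, shown as an added example that is not part of any message above and is neither the plugin's code nor the patch attached to the ticket: an error email that renders raw request parameters next to one that masks sensitive keys first. `SENSITIVE`, `filter_params`, `notification_body` and the sample data are hypothetical names and constructed values.

```ruby
# Added illustration; not the plugin's code or the patch from the ticket.
# SENSITIVE, filter_params and notification_body are hypothetical names.
SENSITIVE = [/password/i, /card/i, /cvv/i].freeze
MASK = "[FILTERED]".freeze

# Recursively mask values whose key matches a sensitive pattern.
# Nested hashes and arrays of hashes are walked, because form params
# such as order[card_number] arrive nested. The input is not mutated.
def filter_params(value, patterns = SENSITIVE)
  case value
  when Hash
    value.each_with_object({}) do |(key, val), out|
      out[key] = if patterns.any? { |pat| pat.match?(key.to_s) }
                   MASK
                 else
                   filter_params(val, patterns)
                 end
    end
  when Array
    value.map { |v| filter_params(v, patterns) }
  else
    value
  end
end

# Render the text of an exception email, including a parameter dump.
# filtered: false reproduces the leak described in the ticket.
def notification_body(exception, params, filtered: true)
  shown = filtered ? filter_params(params) : params
  ["#{exception.class}: #{exception.message}", "", "Parameters:",
   shown.inspect].join("\n")
end

# Constructed sample request parameters (test card number, not real data).
SAMPLE_PARAMS = {
  "action" => "create",
  "order" => {
    "email" => "buyer@example.com",
    "card_number" => "4111111111111111",
    "items" => [{ "sku" => "A1", "gift_card_code" => "XYZ" }]
  },
  "user" => { "password" => "hunter2" }
}.freeze

if __FILE__ == $PROGRAM_NAME
  err = RuntimeError.new("payment gateway timeout")
  puts notification_body(err, SAMPLE_PARAMS, filtered: false), ""
  puts notification_body(err, SAMPLE_PARAMS)
end
```

Substring patterns over-match on purpose here (`gift_card_code` is masked by `/card/i`); in an error email a masked harmless field costs less than a leaked card number.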