noreply@googlegroups.com
2006-Jun-30 10:27 UTC
[Rails] Posting error: Ruby On Rails mailing list archieve
You do not have permission to post to group railinglist. You may need to join the group before being allowed to post, or this group may not be open to posting. Visit http://groups.google.com/group/railinglist/about to join or learn more about who is allowed to post to the group. Help on using Google Groups is also available at: http://groups.google.com/support -------------- next part -------------- An embedded message was scrubbed... From: Joe Ruby <joeat303@yahoo.com> Subject: [Rails] Re: Inspiring Web 2.0 Rails Sites? Date: Fri, 30 Jun 2006 12:25:16 +0200 Size: 3895 Url: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060630/a983d27e/attachment.mht
noreply@googlegroups.com
2006-Jun-30 10:31 UTC
[Rails] Posting error: Ruby On Rails mailing list archieve
You do not have permission to post to group railinglist. You may need to join the group before being allowed to post, or this group may not be open to posting. Visit http://groups.google.com/group/railinglist/about to join or learn more about who is allowed to post to the group. Help on using Google Groups is also available at: http://groups.google.com/support -------------- next part -------------- An embedded message was scrubbed... From: Stephen Bartholomew <steve@curve21.com> Subject: [Rails] Re: @foo = Bar.new(params[:foo]) Date: Fri, 30 Jun 2006 12:30:10 +0200 Size: 3826 Url: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060630/92449e49/attachment.mht
Sorry for these emails. Wont happen again. Thanks, Pratik On 6/30/06, noreply@googlegroups.com <noreply@googlegroups.com> wrote:> You do not have permission to post to group railinglist. You may need to join > the group before being allowed to post, or this group may not be open to > posting. > > Visit http://groups.google.com/group/railinglist/about to join or learn more about who > is allowed to post to the group. > > Help on using Google Groups is also available at: > http://groups.google.com/support > > > ---------- Forwarded message ---------- > From: Stephen Bartholomew <steve@curve21.com> > To: rails@lists.rubyonrails.org > Date: Fri, 30 Jun 2006 12:30:10 +0200 > Subject: [Rails] Re: @foo = Bar.new(params[:foo]) > > > While doing @foo = Bar.new(params[:foo]) in a controller, the > > application is open to injection attacks. > I wouldn''t say this ''injection'' in the traditional sense of the term. > This is more about application design. As the admin switch is really > important, protect it in the model: > > attr_protected :admin > > Then provide methods to grant and revoke admin status: > > def grant_admin > admin = 1 > end > > def revoke_admin > admin = 0 > end > > Hope that helps, > > Steve > > -- > Posted via http://www.ruby-forum.com/. > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails > > >-- rm -rf / 2>/dev/null - http://null.in
noreply@googlegroups.com
2006-Jun-30 10:40 UTC
[Rails] Posting error: Ruby On Rails mailing list archieve
You do not have permission to post to group railinglist. You may need to join the group before being allowed to post, or this group may not be open to posting. Visit http://groups.google.com/group/railinglist/about to join or learn more about who is allowed to post to the group. Help on using Google Groups is also available at: http://groups.google.com/support -------------- next part -------------- An embedded message was scrubbed... From: Dave Verwer <dave@dvhome.co.uk> Subject: [Rails] RSS::Parser Documentation Date: Fri, 30 Jun 2006 12:37:23 +0200 Size: 4074 Url: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060630/ce444c21/attachment.mht
noreply@googlegroups.com
2006-Jun-30 10:41 UTC
[Rails] Posting error: Ruby On Rails mailing list archieve
You do not have permission to post to group railinglist. You may need to join the group before being allowed to post, or this group may not be open to posting. Visit http://groups.google.com/group/railinglist/about to join or learn more about who is allowed to post to the group. Help on using Google Groups is also available at: http://groups.google.com/support -------------- next part -------------- An embedded message was scrubbed... From: Stephen Bartholomew <steve@curve21.com> Subject: [Rails] Re: If / Else Form layout question. Date: Fri, 30 Jun 2006 12:37:50 +0200 Size: 3580 Url: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060630/a021878e/attachment.mht