I thought to use the taint/untaint mechanism included with Ruby to enhance security in zena. I have read that using taint is not that good for the following reasons:

* It's not working on certain implementations of Ruby (JRuby, IronRuby, ...)
* It's a lot of work to make work (lots of tiny taint management code everywhere)

I think I will just abandon this "taint" idea and continue writing careful code and tests.

What do you think?

Gaspard

-------
project: zena CMS (http://zenadmin.org)

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Gaspard Bucher wrote, on 09/23/2008 12:36 PM:
> I thought to use the taint/untaint mechanism included with Ruby to
> enhance security in zena. I have read that
> using taint is not that good for the following reasons:
>
> * It's not working on certain implementations of Ruby (JRuby,
> IronRuby, ...)
> * It's a lot of work to make work (lots of tiny taint management code
> everywhere)
>
> I think I will just abandon this "taint" idea and continue writing
> careful code and tests.
>
> What do you think?
>

safe_erb uses tainted? to make sure you properly sanitize the various inputs of your application. You might want to look at it. I prefer to use it during development and tests to raise exceptions and disable it in production to avoid any performance penalty or unwanted errors (which would mean tests are missing, but I prefer rcov to user error reports helping me get good test coverage :-) ).

Just google for it.

Lionel
On 23 Sept 08 at 13:30, Lionel Bouton wrote:
>
> Gaspard Bucher wrote, on 09/23/2008 12:36 PM:
>> I thought to use the taint/untaint mechanism included with Ruby to
>> enhance security in zena. I have read that
>> using taint is not that good for the following reasons:
>>
>> * It's not working on certain implementations of Ruby (JRuby,
>> IronRuby, ...)
>> * It's a lot of work to make work (lots of tiny taint management code
>> everywhere)
>>
>> I think I will just abandon this "taint" idea and continue writing
>> careful code and tests.
>>
>> What do you think?
>>
>
> safe_erb uses tainted? to make sure you properly sanitize the various
> inputs of your application. You might want to look at it.

safe_erb is a nice idea, but it still means you have to untaint each time you do a sanity check like

    return parser_error("invalid name #{name.inspect}") unless name =~ /^[a-zA-Z_]$/
    name.untaint # <<< line to add
    ...

You cannot remove these lines (with some kind of conditional compilation) in production mode, and you still have to write them... I'm not sure if it's worth the effort and performance impact... Hmmm...

> Just google for it.
>
> Lionel
>
>
Gaspard Bucher wrote, on 09/24/2008 10:11 AM:
> On 23 Sept 08 at 13:30, Lionel Bouton wrote:
>
>
>> Gaspard Bucher wrote, on 09/23/2008 12:36 PM:
>>
>>> I thought to use the taint/untaint mechanism included with Ruby to
>>> enhance security in zena. I have read that
>>> using taint is not that good for the following reasons:
>>>
>>> * It's not working on certain implementations of Ruby (JRuby,
>>> IronRuby, ...)
>>> * It's a lot of work to make work (lots of tiny taint management code
>>> everywhere)
>>>
>>> I think I will just abandon this "taint" idea and continue writing
>>> careful code and tests.
>>>
>>> What do you think?
>>>
>>>
>> safe_erb uses tainted? to make sure you properly sanitize the various
>> inputs of your application. You might want to look at it.
>>
> safe_erb is a nice idea, but it still means you have to untaint each
> time you do a sanity check like
>
>     return parser_error("invalid name #{name.inspect}") unless name =~ /^[a-zA-Z_]$/
>     name.untaint # <<< line to add
>

Yes nothing is free.

> ...
>
> You cannot remove these lines (with some kind of conditional
> compilation)

Compilation?

What you do is simply redefine your sanitizing method (that you should already have by the way) to untaint in dev mode, no more no less. safe_erb does it for html_escape, escape_once and strip_tags for example. In production there's zero impact: your original sanitizing methods run unmodified and you don't even have to put safe_erb in vendor/plugins there.

This is how it works for us.

Lionel
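Lionel's approach, as an added Ruby example (not code from the thread, from safe_erb or from zena): the application's own sanitizer is left untouched, and a development-only module is layered over it so that the sanitizer's output is marked clean and the output step refuses anything still marked untrusted. In production the module is never applied and the original methods run unmodified. Ruby's built-in taint flag (`taint`, `untaint`, `tainted?`) was deprecated in Ruby 2.7 and removed in 3.2, so the flag is emulated here with an instance variable on the string object; `Sanitizer`, `DevTaintGuard`, `build_sanitizer`, `render_comment` and the sample comment text are all constructed for this example.

```ruby
require 'cgi'

# The application's own sanitizing methods. Production uses exactly this
# class, with nothing wrapped around it.
class Sanitizer
  def html_escape(str)
    CGI.escapeHTML(str.to_s)
  end

  # Output boundary for one fragment (what <%= %> does in a template).
  def emit(str)
    str
  end
end

# Development/test-only guard. Emulates Ruby's removed taint flag with an
# instance variable (@untrusted) set on the String object. Unlike the real
# flag, this mark does not propagate through interpolation or gsub, so the
# check is applied to each fragment at the output boundary.
module DevTaintGuard
  class UntaintedOutput < StandardError; end

  # Mark a value coming from outside (request parameter, form field...).
  def self.taint(str)
    str.instance_variable_set(:@untrusted, true)
    str
  end

  def self.untrusted?(str)
    str.instance_variable_get(:@untrusted) == true
  end

  # Wrappers for the sanitizer. `super` runs the unmodified original, so
  # the production behaviour is exactly what gets checked.
  module Hooks
    def html_escape(str)
      out = super
      out.instance_variable_set(:@untrusted, false) # sanitized: "untaint"
      out
    end

    def emit(str)
      if DevTaintGuard.untrusted?(str)
        raise UntaintedOutput, "unsanitized string reached output: #{str.inspect}"
      end
      super
    end
  end

  # Extending the instance puts Hooks in front of Sanitizer's methods
  # for that object only; production instances never see it.
  def self.wrap(sanitizer)
    sanitizer.extend(Hooks)
  end
end

def build_sanitizer(dev_mode)
  s = Sanitizer.new
  dev_mode ? DevTaintGuard.wrap(s) : s
end

# Renders one comment. `escape: false` stands in for a forgotten
# html_escape call in a view; in dev mode the guard turns that into an
# exception, in production it silently produces unescaped output.
def render_comment(sanitizer, raw_comment, escape: true)
  param = DevTaintGuard.taint(raw_comment.dup) # constructed request input
  body = escape ? sanitizer.html_escape(param) : param
  "<p>#{sanitizer.emit(body)}</p>"
end

if __FILE__ == $PROGRAM_NAME
  dev = build_sanitizer(true)
  puts render_comment(dev, '<b>Tom & Jerry</b>')
  begin
    render_comment(dev, '<b>Tom & Jerry</b>', escape: false)
  rescue DevTaintGuard::UntaintedOutput => e
    puts "development caught: #{e.message}"
  end
end
```

The marking of input has to happen where untrusted data enters (the request layer), and every sanitizer the views rely on needs a wrapper in `Hooks`; a sanitizer without one will keep the mark on its output and show up as a false positive in development, which is the safe direction to fail.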
>>>
>> safe_erb is a nice idea, but it still means you have to untaint each
>> time you do a sanity check like
>>
>>     return parser_error("invalid name #{name.inspect}") unless name =~ /^[a-zA-Z_]$/
>>     name.untaint # <<< line to add
>>
>
> Yes nothing is free.
>
>> ...
>>
>> You cannot remove these lines (with some kind of conditional
>> compilation)
>
> Compilation?
>
> What you do is simply redefine your sanitizing method (that you should
> already have by the way) to untaint in dev mode, no more no less.
> safe_erb does it for html_escape, escape_once and strip_tags for
> example.
> In production there's zero impact: your original sanitizing methods
> run
> unmodified and you don't even have to put safe_erb in vendor/plugins
> there.
>
> This is how it works for us.

Ok, you solved the "conditional compilation" problem by wrapping all cleanup code in some generic methods that you redefine. It makes sense.

Thanks.

Gaspard