2011 Nov 22
A "strict Arel" mode for ActiveRecord to prevent SQL injection vulnerabilities
Hello rubyonrails-core,
I’ve been looking into possible changes to ActiveRecord / Arel to make it
easier to write Rails applications that are free of SQL injection
vulnerabilities, and in particular do so in a way that makes it easy for a
code reviewer to verify that the app is safe from such bugs.
The concern:
-----------------
With the ActiveRecord API as is, it’s relatively easy to write