RubyFlow : The Ruby Community Blog


Avoiding SQL Injection in Rails

I promise this is not related to or prompted by the Rails CVEs today - just coincidental timing.

I've put a small blog post together about rails-sqli.org, a list of dangerous methods in ActiveRecord. The list includes example queries and injection code.

In addition, you can play with injecting code into the same examples by cloning the code repo and running it locally.
