RubyFlow The Ruby and Rails community linklog


Security hole found in Rails 2.3's http_authentication.rb

A hole that I believe could be a MAJOR deal for anyone using digest authentication in Rails 2.3 with the new http_authentication.rb code and who followed the simple Digest example from the rdoc, or the blog entry introducing it.

Comments

A serious discussion on the subject is running at Hacker News: http://news.ycombinator.com/item?id=640235 Again the Rails community is acting weirdly, to not use a harder expression. Please also check a similar current issue in the Arc language / Hacker News engine and take it as a good example: http://news.ycombinator.com/item?id=639976

sigh

“Weirdly” indeed. The comments on the Riding Rails blog post certainly make interesting reading.
