Monthly Archives: December 2014
Rails SQL injection gotchas
December 30, 2014
In this post we’re gonna look at some places where it is possible to inject arbitrary SQL commands into ActiveRecord queries in Ruby on Rails. ActiveRecord has pretty good protection against SQL injection, so much so that sometimes I think it lulls us into a false sense of security. We’re pretty well protected by […]