Monthly Archives: December 2014

Rails SQL injection gotchas

December 30, 2014

In this post we’re gonna look at some places where it is possible to inject arbitrary SQL commands into ActiveRecord queries in Ruby on Rails. ActiveRecord has pretty good protection against SQL injection, so much so that sometimes I think it lulls us into a false sense of security. We’re pretty well protected by […]
