[Rails] SQL Injection Attacks
Marcel Molina Jr.
marcel at vernix.org
Tue Dec 7 22:46:10 GMT 2004
On Tue, Dec 07, 2004 at 09:26:59AM +1300, Michael Koziarski wrote:
> > Sounds like a good idea. I'd certainly be willing to adopt a patch that
> > provided a method for using real bind variables. Preferably, it would
> > coexist with the current sprintf formatting for backwards compatibility
> > while taking over any ? for the binds.
> >
> > Who's up for this?
>
> I'm willing to have a go at this, though my code will probably be
> filled with java-isms.
>
> Just so I'm not wasting anyone's time, is this the process I should follow:
>
> 1) Update my application to run with Edge Rails
> 2) Edit the code in vendor
> 3) svn diff -u
> 4) Attach to a trac ticket-thingy?
That sounds fine to me. Though I'd add:
2.5) Write tests
4.5) Attach tests to said trac ticket-thingy as well
Thanks!
marcel
--
Marcel Molina Jr. <marcel at vernix.org>
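The proposal in the quoted text, real `?` bind variables coexisting with the older sprintf-style templates, as an added example written for this page rather than code from Marcel, Michael, or Rails itself. The function names (`quote_value`, `bind_conditions`, `sprintf_conditions`, `sanitize_conditions`, `unsafe_conditions`) and the sample input `O'Brien` are assumptions constructed for illustration; the quoting is standard-SQL quote doubling, so an adapter whose database treats backslash as an escape character would need to extend it.

```ruby
# Added example, not from the thread or from Rails: a minimal condition
# sanitizer that supports both "?" bind placeholders and the legacy
# sprintf-style templates, quoting every value before it reaches SQL.

# Quote one Ruby value for inclusion in a SQL statement. Only standard
# SQL quote doubling is applied here; backslash handling is adapter-specific.
def quote_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when TrueClass      then "1"
  when FalseClass     then "0"
  when Array          then value.map { |v| quote_value(v) }.join(", ")
  else
    # Doubling the single quote means a quote inside the input can never
    # terminate the string literal early.
    "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Replace each "?" in the template with its quoted bind value. A mismatch
# between placeholders and values raises instead of silently dropping or
# misplacing a condition. (A literal "?" inside the template itself is
# not supported by this toy implementation.)
def bind_conditions(template, *values)
  placeholders = template.count("?")
  unless placeholders == values.length
    raise ArgumentError, "expected #{placeholders} bind values, got #{values.length}"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# Legacy sprintf-style templates ("name = '%s'") stay supported for
# backwards compatibility. The template already carries the surrounding
# quote characters, so string values are escaped without an outer pair.
def sprintf_conditions(template, *values)
  template % values.map { |v| v.is_a?(String) ? v.gsub("'", "''") : v }
end

# Dispatch on the template: "?" placeholders take precedence over sprintf
# formatting. A bare string is passed through as raw SQL, which is the
# caller's responsibility.
def sanitize_conditions(condition)
  return condition if condition.is_a?(String)
  template, *values = condition
  if template.include?("?")
    bind_conditions(template, *values)
  else
    sprintf_conditions(template, *values)
  end
end

# Contrast case: naive string interpolation, where a quote character in
# the input ends the SQL string literal and the rest is parsed as SQL.
def unsafe_conditions(name)
  "name = '#{name}'"
end

if __FILE__ == $0
  puts unsafe_conditions("O'Brien")                                 # broken literal
  puts sanitize_conditions(["name = ? AND age > ?", "O'Brien", 30]) # quoted binds
  puts sanitize_conditions(["id IN (?)", [1, 2, 3]])
  puts sanitize_conditions(["name = '%s'", "O'Brien"])              # legacy style
end
```

The bind form is the one to reach for in new code; the sprintf form is kept only so that existing `["name = '%s'", value]` call sites keep working while they are migrated.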