[Rails] Am I opening myself to some security vulnerability if I
unprotect the Controller classes' redirect methods?
Eric Hodel
drbrain at segment7.net
Sat Jan 1 02:42:38 GMT 2005
On 31 Dec 2004, at 01:53, Thomas Counsell wrote:
> Am I opening myself to some security vulnerability if I unprotect the
> Controller classes' redirect methods?
>
> I merrily wrote a (specific to my university) authentication filter as
> a separate class. As part of the authentication process it needs to
> re-direct the user to a university server to log in. This all works
> fine except that the redirect_to methods of a controller are all
> protected.
>
> This is easy to overcome, but am I likely to make myself vulnerable
> by having public redirect methods on a controller class?
No. private and protected in Ruby only exist to prevent foot-shooting.
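
  # a is private, so an explicit-receiver call from outside fails
  class X; private; def a; end; end

  x = X.new

  begin
    x.a
  rescue NoMethodError
    puts "nope!"
  end

  # reopening the class makes a public; the same call now succeeds
  class X; public :a; end

  x.a
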
--
Eric Hodel - drbrain at segment7.net - http://segment7.net
FEC2 57F1 D465 EB15 5D6E 7C11 332A 551C 796C 9F04
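
Added example (not part of the original message, and not Rails code): the situation from the question, a filter in a separate class that needs a controller's protected redirect method, showing that the method is reachable through send without changing its visibility. FakeController, LoginFilter, visibility_report and the login URL are hypothetical stand-ins constructed for illustration.

```ruby
# Stand-in for a controller; only the visibility of redirect_to matters here.
class FakeController
  attr_reader :redirected_to

  protected

  # Same visibility as the redirect helper described in the question.
  def redirect_to(url)
    @redirected_to = url
  end
end

# Authentication filter kept in its own class, as in the question.
class LoginFilter
  LOGIN_URL = "https://login.example.edu/" # constructed placeholder URL

  def initialize(authenticated)
    @authenticated = authenticated
  end

  # Returns true when the request may proceed, false after redirecting.
  def filter(controller)
    return true if @authenticated
    # send ignores visibility, so the protected method is called as-is.
    controller.send(:redirect_to, LOGIN_URL)
    false
  end
end

# Reports how an outside caller sees the protected method.
def visibility_report(controller)
  direct = begin
    controller.redirect_to("ignored")
    :allowed
  rescue NoMethodError
    :blocked
  end
  {
    direct_call: direct,
    respond_to: controller.respond_to?(:redirect_to),
    respond_to_all: controller.respond_to?(:redirect_to, true),
    listed_protected: controller.protected_methods.include?(:redirect_to)
  }
end
```
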