Hacker News new | ask | show | jobs
by vvnraman 5213 days ago
I don't think he can be blamed too much though. As per the bug filed here - https://github.com/rails/rails/issues/5228, the bug was being closed by others after being given a cursory look, and was being reopened again for consideration. Maybe a little immature, but there was a mild provocation.
2 comments
sirclueless 5213 days ago
Exactly. The guy might not have the best English or highest level of maturity, but it's not like he found a flaw and ran around saying, "Haha, look what I can do!" with no justification.

He submitted a security flaw to the Rails issue tracker. It was shut down by committers saying, "This isn't a real flaw, it's everyone's responsibility to secure their own apps."

At that point, a reasonable response is, "Yes it is, you dummies. Watch as I use it to pwn multiple high-profile production rails sites."

link
sounds 5213 days ago
Although it's risky to impute motives, I really think it was intentional that he pwned...

_rails_ _git_ _master_

link
mofey 5213 days ago
Hey, how come there are no comments by @dhh and @josevalim? Are we missing out on epicness of zedshaw-level?
link
mofey 5213 days ago 

  Fred Wu
  So what's a good gem (if any) for safe guarding params on the controller level? @dhh's params.slice feels too dirty.
  DHH ‏
  yeah, it's too simple to be clean! I think you are using the wrong framework if you crave more complexity for its own sake.
link