|
|
|
|
|
|
by bryanbibat
5213 days ago
|
|
|
Er.. that's because there's nothing malicious an attacker can do with the mass-assignment vulnerability in the "Hello Rails" app? Being able to change the :id or timestamps of the post isn't anywhere near the SQL injection vulnerabilities I've seen in many tutorials in other languages/frameworks. I agree, though, I wouldn't recommend Rails to people who can't bother to read documentation. |
|
|