field | value | date
---|---|---
author | David Heinemeier Hansson <david@loudthinking.com> | 2004-12-06 18:08:35 +0000
committer | David Heinemeier Hansson <david@loudthinking.com> | 2004-12-06 18:08:35 +0000
commit | 2575b3b065258162484ebbd2c809d5aa4ced56c7 (patch) |
tree | 7ca3d64f0953e317d3226498ff7b219ebf09d8e1 |
parent | 6cc961555d723e23a8a932398fe2aa2073cb8d6e (diff) |
Added extra words of caution for guarding against SQL-injection attacks
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@46 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 8b09c60c53..1ebc843274 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -71,10 +71,14 @@ module ActiveRecord #:nodoc: # end # end # - # The +authenticate_unsafely+ method inserts the parameters directly into the query and is thus susceptible to SQL-injection - # attacks if the +user_name+ and +password+ parameters come directly from a HTTP request. The +authenticate_safely+ method, on - # the other hand, will sanitize the +user_name+ and +password+ before inserting them in the query, which will ensure that + # The <tt>authenticate_unsafely</tt> method inserts the parameters directly into the query and is thus susceptible to SQL-injection + # attacks if the <tt>user_name</tt> and +password+ parameters come directly from a HTTP request. The <tt>authenticate_safely</tt> method, + # on the other hand, will sanitize the <tt>user_name</tt> and +password+ before inserting them in the query, which will ensure that # an attacker can't escape the query and fake the login (or worse). + # + # Beware, that the approach used in <tt>authenticate_unsafely</tt> is basically just a wrapped call to sprintf. This means that you + # still have to quote when using %s or use %d instead. So find_first([ "firm_id = %s", firm_id ]) is _not_ safe while both + # find_first([ "firm_id = '%s'", firm_id ]) and find_first([ "firm_id = %d", firm_id ]) are. # # == Overwriting default accessors # |
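Review bot: the added paragraph names the wrong method. The lines directly above it describe `authenticate_unsafely` as inserting the parameters straight into the query and `authenticate_safely` as the one that sanitizes them, yet the new text says "the approach used in <tt>authenticate_unsafely</tt> is basically just a wrapped call to sprintf" and then discusses the `%s`/`%d` placeholders of the `find_first([ "firm_id = %s", firm_id ])` array form, which is the sanitizing path; it should read `authenticate_safely`, otherwise readers are told the unsafe method is the one with sprintf semantics and the quoting caveat lands on the wrong example. Two smaller points on the same lines: the hunk converts `+user_name+` and `+authenticate_safely+` to `<tt>...</tt>` but leaves `+password+` in the old RDoc form, so the markup is now mixed within one sentence, and "Beware, that the approach" should drop the comma.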