Showing posts tagged #ruby on rails

Return Home

The Ruby on Rails framework provides a pretty good built-in filter for SQL injection if you use ActiveRecord methods such as find or find_by.
But that does not mean you can carelessly throw parameters to an ActiveRecord method as the methods that take an SQL fragment are still vulnerable

Read More