
Mass Assignment

From NetSec
This type of code is responsible for many vulnerabilities. Do not use this code in your applications ever.

Ruby

This pattern is typical of Ruby on Rails, where people sometimes use the following code to create an ActiveRecord object and add a database entry:

<syntaxhighlight lang=ruby>
# Builds the record directly from the request parameters under params[:user].
@user = User.new(params[:user])
</syntaxhighlight>

Ruby on Rails has had problems with mass assignment in the past.

PHP

 
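<syntaxhighlight lang=php>
<?php
    // Every request parameter becomes a property of the object.
    // stdClass stands in for any model class ("object" is a reserved word in current PHP).
    $object = new stdClass();
    foreach ($_REQUEST as $property => $value) {
        $object->$property = $value;
    }
?>
</syntaxhighlight>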
 

Python

 
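<syntaxhighlight lang=python>
obj = Object()  # Object stands for any application model class
obj.__dict__.update(params)  # params: dict of request parameters; every key becomes an attribute
</syntaxhighlight>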
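
The effect of the pattern above next to an allow-list alternative, as an added example that is not part of the original article. The `User` class, its `is_admin` field, the helper names and the form data are all constructed for illustration.

```python
class User:
    """Hypothetical model: is_admin must only be set by server-side code."""

    def __init__(self):
        self.name = ""
        self.email = ""
        self.is_admin = False


class UnpermittedField(ValueError):
    """Raised in strict mode when a request carries a field not on the allow-list."""


def assign_all(obj, params):
    """Mass assignment as in the snippet above: every key becomes an attribute."""
    obj.__dict__.update(params)
    return obj


def assign_permitted(obj, params, permitted, strict=False):
    """Copy only allow-listed keys onto obj and return the rejected key names.

    strict=True raises instead of silently dropping, so unexpected fields
    show up in logs and tests.
    """
    rejected = sorted(key for key in params if key not in permitted)
    if strict and rejected:
        raise UnpermittedField(", ".join(rejected))
    for key in permitted:
        if key in params:
            setattr(obj, key, params[key])
    return rejected


# Constructed sample: the sign-up form has only name and email fields,
# but this submission carries one extra parameter.
FORM = {"name": "alice", "email": "alice@example.com", "is_admin": True}
PERMITTED = frozenset({"name", "email"})

if __name__ == "__main__":
    print("update():   is_admin =", assign_all(User(), FORM).is_admin)
    user = User()
    dropped = assign_permitted(user, FORM, PERMITTED)
    print("allow-list: is_admin =", user.is_admin, "dropped =", dropped)
```

The allow-list is defined per form or endpoint, so a field added to the model later stays unassignable until someone permits it explicitly.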
 
Mass Assignment is part of a series on programming.