Questions about this topic? Sign up to ask in the talk tab.
Mass Assignment
From NetSec
|
This type of code is responsible for many vulnerabilities. Do not use this code in your applications ever. |
Ruby
Typically used in Ruby on Rails, sometimes people will use the following code to create an ActiveRecord object to add a database entry:
|
<syntaxhighlight lang=ruby> @user=User.new(params[:user]) </syntaxhighlight> |
There have been problems with RoR in the past with mass assignment.
PHP
<?php $object = new object(); foreach ($_REQUEST as $property => $value) { $object->$property = $value; } ?> |
Python
object = Object().locals().update(dict) |
Mass Assignment is part of a series on programming.
| This article contains too little information, it should be expanded or updated. |
|---|
Things you can do to help:
|
