
Difference between revisions of "Mass Assignment"

 
Line 1: Line 1:
 +
{{Warning|This type of code is responsible for many [[vulnerability|vulnerabilities]]. Do not use this code in your [[application]]s ever.}}
 +
 
== [[Ruby]] ==
 
== [[Ruby]] ==
 
Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry:
 
Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry:
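
Review bot: the added {{Warning}} line sits above the first heading and says "This type of code" before any code has appeared, so the reader cannot tell what it refers to. Name the pattern in the warning text (assigning request parameters to object attributes in bulk), and since it only says "Do not use this code", point to what should be used instead.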

Latest revision as of 05:13, 22 October 2012

This type of code is responsible for many vulnerabilities. Do not use this code in your applications ever.

Ruby

In Ruby on Rails, developers sometimes use the following code to create an ActiveRecord object and add a database entry:

<syntaxhighlight lang=ruby>
# Every key in params[:user] is assigned to the new record
@user = User.new(params[:user])
</syntaxhighlight>

Ruby on Rails has had problems with mass assignment in the past.
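
The difference between the pattern above and an allow-listed assignment, as an added example that is not part of the original article. The `User` class, its `admin` attribute, the helper names and the sample parameters are constructed for illustration and only stand in for an ActiveRecord model; no Rails is required.

```ruby
# Constructed model standing in for an ActiveRecord class (hypothetical).
class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false # privilege flag the sign-up form never exposes
  end
end

# The pattern the page warns about: every submitted key is assigned.
def mass_assign(obj, params)
  params.each { |key, value| obj.public_send("#{key}=", value) }
  obj
end

# Allow-list of attributes the form is supposed to set (assumption for this example).
PERMITTED = %w[name email].freeze

# Hardened form: copy only allow-listed keys and report everything else,
# so unexpected parameters can be logged instead of silently applied.
def safe_assign(obj, params, permitted = PERMITTED)
  rejected = []
  params.each do |key, value|
    key = key.to_s
    if permitted.include?(key)
      obj.public_send("#{key}=", value)
    else
      rejected << key
    end
  end
  [obj, rejected]
end

# Constructed request parameters: the form has name and email only,
# the extra "admin" key was added by the client.
SAMPLE_PARAMS = {
  "name" => "alice",
  "email" => "alice@example.test",
  "admin" => true
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "mass_assign admin: #{mass_assign(User.new, SAMPLE_PARAMS).admin}"
  user, rejected = safe_assign(User.new, SAMPLE_PARAMS)
  puts "safe_assign admin: #{user.admin}, rejected keys: #{rejected.inspect}"
end
```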

PHP

 
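<syntaxhighlight lang=php>
<?php
    // stdClass stands in for any model class
    $object = new stdClass();
    // Every request parameter becomes a property of the object
    foreach ($_REQUEST as $property => $value) {
        $object->$property = $value;
    }
?>
</syntaxhighlight>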
 

Python

 
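<syntaxhighlight lang=python>
obj = Object()
obj.__dict__.update(request_data)  # every key of the untrusted dict becomes an attribute
</syntaxhighlight>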
 