Difference between revisions of "Mass Assignment"
From NetSec
Rochell4259 (Talk | contribs)
(One intermediate revision by one other user not shown)
Line 1: | Line 1: | ||
+ | {{Warning|This type of code is responsible for many [[vulnerability|vulnerabilities]]. Do not use this code in your [[application]]s ever.}} | ||
+ | |||
== [[Ruby]] == | == [[Ruby]] == | ||
Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry: | Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry: | ||
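Review bot: the warning added at the top of this hunk tells readers never to use the code but gives no pointer to what to do instead, and none of the sections that follow supply one. Suggest adding a sentence or a link after the warning naming the safe alternative (assigning only an explicit allowlist of attributes), so the page does more than prohibit.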
Line 19: | Line 21: | ||
?> | ?> | ||
</source>}} | </source>}} | ||
+ | |||
+ | == [[Python]] == | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="python"> | ||
+ | object = Object().locals().update(dict) | ||
+ | </source>}} | ||
+ | |||
{{programming}} | {{programming}} | ||
{{expand}} | {{expand}} |
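Review bot: the added Python line `object = Object().locals().update(dict)` does not express the pattern the article is about: `locals` is a builtin function, not a method of an instance, and `update` returns `None`, so `object` would be `None` even if the chain resolved. Suggest creating the instance on one line and updating its `__dict__` from the request dictionary on the next, avoiding the names `object` and `dict` because they shadow builtins, and adding a one-sentence introduction as the Ruby section has. The two blank `+` lines under the new heading can be dropped.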
Latest revision as of 05:13, 22 October 2012
This type of code is responsible for many vulnerabilities. Do not use this code in your applications ever.
Ruby
The following code, typically seen in Ruby on Rails, is sometimes used to create an ActiveRecord object to add a database entry:
<syntaxhighlight lang=ruby>
@user = User.new(params[:user])  # vulnerable: every submitted key is assigned
</syntaxhighlight>
Ruby on Rails has had problems with mass assignment in the past.
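The pattern above next to an allowlisted alternative, as an added example that is not part of the original article. The `User` class is a plain-Ruby stand-in for an ActiveRecord model, and `mass_assign`, `safe_assign`, `PERMITTED` and `SAMPLE_PARAMS` are hypothetical names.

```ruby
# Added example: plain-Ruby stand-in for an ActiveRecord model (hypothetical class).
class User
  attr_accessor :name, :email, :admin

  # Allowlist of attributes a request may set (assumed policy for this example).
  PERMITTED = %w[name email].freeze

  def initialize
    @admin = false
  end

  # Vulnerable: mirrors User.new(params[:user]); every submitted key is assigned.
  def self.mass_assign(params)
    user = new
    params.each { |key, value| user.public_send("#{key}=", value) }
    user
  end

  # Hardened: only allowlisted keys are copied; the rest are returned for logging.
  def self.safe_assign(params)
    user = new
    rejected = params.keys.map(&:to_s) - PERMITTED
    params.each do |key, value|
      user.public_send("#{key}=", value) if PERMITTED.include?(key.to_s)
    end
    [user, rejected]
  end
end

# Constructed sample input: a signup form plus one field the form never offered.
SAMPLE_PARAMS = {
  "name" => "alice", "email" => "alice@example.com", "admin" => "true"
}.freeze

if __FILE__ == $PROGRAM_NAME
  vulnerable = User.mass_assign(SAMPLE_PARAMS)
  safe, rejected = User.safe_assign(SAMPLE_PARAMS)
  puts "mass_assign admin=#{vulnerable.admin.inspect}"
  puts "safe_assign admin=#{safe.admin.inspect} rejected=#{rejected.inspect}"
end
```

In Rails itself the same allowlisting is done with strong parameters, for example `params.require(:user).permit(:name, :email)`.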
PHP
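<syntaxhighlight lang=php>
<?php
$object = new object();
// Vulnerable: every request parameter becomes a property of the object.
foreach ($_REQUEST as $property => $value) {
    $object->$property = $value;
}
?>
</syntaxhighlight>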
Python
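<syntaxhighlight lang=python>
obj = Object()               # Object is a placeholder class
obj.__dict__.update(params)  # vulnerable: every key in params becomes an attribute
</syntaxhighlight>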