Questions about this topic? Sign up to ask in the talk tab.

Mass Assignment

From NetSec
Revision as of 05:13, 22 October 2012 by Rochell4259 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
RPU0j.png This type of code is responsible for many vulnerabilities. Do not use this code in your applications ever.

Ruby

Typically used in Ruby on Rails, sometimes people will use the following code to create an ActiveRecord object to add a database entry:

<syntaxhighlight lang=ruby>

@user=User.new(params[:user])

</syntaxhighlight>

There have been problems with RoR in the past with mass assignment.

PHP

 
<?php
    $object = new object();
    foreach ($_REQUEST as $property => $value) {
        $object->$property = $value;
    }
?>
 

Python

 
object = Object().locals().update(dict)
 
Mass Assignment is part of a series on programming.
This article contains too little information, it should be expanded or updated.
Things you can do to help:
  • add more content.
  • update current content.