LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - News > Syndicated Linux News
User Name
Password
Syndicated Linux News This forum is for the discussion of Syndicated Linux News stories.

Notices


Reply
  Search this Thread
Old 06-06-2009, 02:20 AM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 107,401

Rep: Reputation: 117Reputation: 117
LXer: Ruby On Rails password protection can be nullified due to flawed code


Published at LXer:

The Ruby on Rails developers have, in their blog, noted a security problem which can allow the circumvention of password protection of pages or content. This is related to the return value from the digest authentication code, authenticate_or_request_with_http_digest. This code should return true if the user is found and false if not. However the documentation was unclear, and it was possible for a developer to return nil from the method.

Read More...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Ruby on Rails 2.0 and Scaffolding LXer Syndicated Linux News 0 12-15-2007 03:50 PM
LXer: Ruby On Rails at SPIN LXer Syndicated Linux News 0 09-17-2007 02:20 PM
LXer: Ruby on Rails LXer Syndicated Linux News 0 07-03-2006 08:54 PM
LXer: Ruby on Rails LXer Syndicated Linux News 0 02-16-2006 05:16 PM
LXer: Ruby off the Rails LXer Syndicated Linux News 0 12-24-2005 05:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - News > Syndicated Linux News

All times are GMT -5. The time now is 07:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration