Tag Archives: rails

Rails SQL Injection

A serious security vulnerability in all released versions of Rails was announced on the Ruby on Rails Security list on January second. You can read more about the details in the original post here and follow the CVE case here. The short version is that all extant versions of the ActiveRecord ORM were vulnerable to […]


Broken Migrations and Missing schema.rb

ActiveRecord Migrations are slick. They allow easy access to a powerful database with minimal knowledge of SQL, and they promise an easy way to reconstruct a DB schema. Unfortunately, they’re fragile in the face of large teams and code that has changed significantly.

Migrations and schema.rb

There are two ways migrations can reconstruct a schema into a […]
