November 2007
2 posts
ActiveRecord to_xml Security Strategy
As noted on blog.wolfman.com, the scaffolded respond_to set-up (the generated `format.xml { render :xml => @record }` branch) has a security problem: by default to_xml serialises every column of the record, including columns that were never meant to leave the application.
The write-side protection that attr_accessible provides doesn't help here, because it only restricts mass assignment and says nothing about what to_xml emits. Yet writing a custom to_xml that steps through each of those already-whitelisted attributes by hand is a bit silly and not very DRY.
My...
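The following is an added example, not code from the original post. ActiveRecord is not loaded; `RecordBase` is a stand-in that mimics the two behaviours that matter here (attr_accessible records a whitelist that only mass assignment honours, and to_xml dumps every column unless given :only or :except). `LeakyUser` is the scaffold default, `User` reuses the attr_accessible whitelist as the serialisation whitelist, and the column names and sample record are constructed for illustration.

```ruby
require "cgi"

# Stand-in for ActiveRecord::Base (assumption: not the real class).
class RecordBase
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible_attributes
    @accessible || []
  end

  # Loading a record from the database sets every column, whitelist or not.
  def initialize(attributes = {})
    @attributes = {}
    attributes.each { |k, v| @attributes[k.to_s] = v }
  end

  # Mass assignment is what attr_accessible actually protects.
  def attributes=(new_attributes)
    new_attributes.each do |k, v|
      @attributes[k.to_s] = v if self.class.accessible_attributes.include?(k.to_s)
    end
  end

  def attributes
    @attributes.dup
  end

  # Default serialisation: every column goes out unless :only/:except narrows it.
  def to_xml(options = {})
    names = options[:only] ? options[:only].map(&:to_s) : @attributes.keys
    if options[:except]
      excluded = options[:except].map(&:to_s)
      names = names.reject { |n| excluded.include?(n) }
    end
    tag = self.class.name.downcase
    body = names.map { |n| "  <#{n}>#{CGI.escapeHTML(@attributes[n].to_s)}</#{n}>\n" }.join
    "<#{tag}>\n#{body}</#{tag}>\n"
  end
end

# The scaffold default: no override, so crypted_password and salt leak.
class LeakyUser < RecordBase
  attr_accessible :login, :email
end

# The DRY fix: the attr_accessible whitelist doubles as the serialisation
# whitelist, and a caller's :only can narrow it but never widen it.
class User < RecordBase
  attr_accessible :login, :email

  def to_xml(options = {})
    allowed = self.class.accessible_attributes
    wanted = (options[:only] || allowed).map(&:to_s)
    super(options.merge(:only => wanted & allowed))
  end
end

# Constructed sample record; the hash and salt values are made up.
def sample_record(klass)
  klass.new(:login => "alice", :email => "alice@example.com",
            :crypted_password => "5f4dcc3b5aa765d6", :salt => "c0ffee")
end

# Names of the leaf elements in a serialised record, for inspection.
def exposed_tags(xml)
  xml.scan(%r{<(\w+)>[^<]*</\1>}).flatten
end

if __FILE__ == $0
  puts sample_record(LeakyUser).to_xml
  puts sample_record(User).to_xml
end
```

Because `render :xml => @user` calls to_xml with no options, the override in `User` is all a scaffolded controller needs; intersecting the caller's :only with the whitelist means a later `render :xml => @user, :only => [:login, :salt]` still cannot reintroduce the leak.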
Freaks and Geeks
Most cultural classification systems to which I’ve been privy would probably qualify me as a member of the nerd family.
For a living, I program computers. I use a dozen or so made-up, unspeakable (well, except for Ruby) languages to write stories that tell electricity how to flow across networks, through processors and from one magnetic point to another. Because I work in advertising, the last...