> You are going to have problems with this whenever you are composing SQL st... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jrochkind1 on Jan 3, 2013 | parent | context | favorite | on: SQL Injection Vulnerability in Ruby on Rails; affe...

> You are going to have problems with this whenever you are composing SQL statement with any type of user-provided data as part of the raw SQL string passed to the server.

True, but Rails is not doing that, was never doing that, and the patch has nothing to do with this. So you're talking about something unrelated to this security flaw.

numbsafari on Jan 3, 2013 [–]

I'm confused. If it's not doing that, and was never doing that, then how does an HTTP cookie's value end up injected into a SQL statement generated by Rails?

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact