Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Ruby
Fetching latest commit…
Cannot retrieve the latest commit at this time.
| Failed to load latest commit information. | |||
|
lib | ||
|
|
tasks | ||
|
|
test | ||
|
|
MIT-LICENSE | ||
|
|
README | ||
|
|
Rakefile | ||
|
|
init.rb | ||
|
|
install.rb | ||
|
|
uninstall.rb | ||
README
= Safe Record
== Overview
Safe Record is a Rails plugin to detect potential SQL injection
vulenerabilities with the taint mechanism of Ruby. It will raise an
exception when a tainted string is passed as SQL.
Safe Record is experimental, so do NOT use in a production environment.
== Example
# raises an exception!!
post = Post.find(:first,
:conditions => "title = '#{params[:title]}'")
# OK :)
post = Post.find(:first,
:conditions => [
"title = ?",
params[:title]
])
# Good :)
post = Post.find_by_title(params[:title])
== Installation
This plugin depends on a Rails plugin, Safe ERB.
((<URL|http://wiki.rubyonrails.com/rails/pages/Safe+ERB>))
Please perform the following steps to install Safe ERB and Safe Record.
(1) install Safe ERB
$ script/plugin install \
http://safe-erb.rubyforge.org/svn/plugins/safe_erb/
(2) install Safe Record
$ script/plugin install \
git://github.com/authorNari/safe_record.git
== Original Author
Shugo Maeda
== Maintainer
Narihiro Nakamura
== Special Thanks
Shinya Kasatani (the author of Safe ERB)
== Contact
Narihiro Nakamura <authorNari at gmail.com>