Far better to check the thing you actually care about (whether or
not the file is in the right directory) than to check something incidental to it (whether
or not any "funny" characters were used in the pathname).
SQL Injection
SQL injection is an attack against programs that do not take proper precautions
when accessing a SQL-based database. A standard example of vulnerable code is:
search = params[:q]
Person.find_by_sql %(SELECT * FROM people WHERE name = '#{search}%')
Of course, all someone has to do is search for "'; DROP TABLE people; --", which
yields the following statement:
SELECT * FROM people WHERE name = ''; DROP TABLE people; --%';
Everything after the -- is treated as a SQL comment (otherwise, the attempt might
cause a SQL error). First, the SELECT statement is executed; then the DROP TABLE statement
causes havoc. Ideally, the database user that executes that statement should
not have DROP TABLE privileges, but SQL injection is always damaging. There are
plenty of other attack vectors.
Ruby's Environment | 145
Another typical example of SQL injection is a query such as "' OR 1 = 1; --", which
yields:
SELECT * FROM people WHERE name = '' OR 1 = 1; --%';
This query would return all records from the people table. This can have security
implications, especially when this sort of code is found in authentication systems.
For applications written against the standard APIs, Rails is amazingly well protected
against SQL injection attacks.
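The following is an added example, not code from the book, that makes the two
payloads above concrete without needing a database or Rails. It builds the search
statement the way the vulnerable find_by_sql call does (string interpolation) and
the way the standard ActiveRecord "?" placeholder API does it (the placeholder
binding here is a small stand-in written for this example, assumed to mirror the
usual driver behaviour of doubling embedded single quotes), then counts how many
statements the database would see in each case.

```ruby
# Added example (not from the book). Plain Ruby; no database or Rails required.

# Unsafe: string interpolation, as in the book's find_by_sql example.
def interpolated_query(search)
  "SELECT * FROM people WHERE name = '#{search}%'"
end

# Quote a value as a SQL string literal by doubling embedded single quotes,
# the standard SQL escaping rule drivers apply when binding placeholders.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Safe: a minimal stand-in (assumption for this example) for ActiveRecord's
# "?" placeholder binding, e.g. Person.where("name LIKE ?", "#{search}%").
# Every placeholder is replaced by a quoted literal, so user input can never
# terminate the string and start a new statement.
def bound_query(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder/value count mismatch"
  end
  template.gsub("?") { quote_literal(values.shift) }
end

# Count top-level statements the way a SQL parser would: skip string literals
# (with '' as the escaped quote) and stop at a -- comment. Used here only to
# show how each constructed string would be interpreted.
def statement_count(sql)
  count = 0
  pending = false   # non-blank text seen since the last ';'
  in_string = false
  i = 0
  while i < sql.length
    c = sql[i]
    if in_string
      if c == "'" && sql[i + 1] == "'"
        i += 1          # '' inside a literal is an escaped quote
      elsif c == "'"
        in_string = false
      end
    elsif c == "-" && sql[i + 1] == "-"
      break             # rest of the line is a comment
    elsif c == "'"
      in_string = true
      pending = true
    elsif c == ";"
      count += 1
      pending = false
    elsif c !~ /\s/
      pending = true
    end
    i += 1
  end
  count += 1 if pending
  count
end

# The two attacker inputs discussed in the text.
DROP_PAYLOAD = "'; DROP TABLE people; --"
OR_PAYLOAD   = "' OR 1 = 1; --"

def unsafe_statement(search = DROP_PAYLOAD)
  interpolated_query(search)
end

def safe_statement(search = DROP_PAYLOAD)
  bound_query("SELECT * FROM people WHERE name LIKE ?", "#{search}%")
end

if __FILE__ == $0
  [DROP_PAYLOAD, OR_PAYLOAD].each do |payload|
    u = unsafe_statement(payload)
    s = safe_statement(payload)
    puts "interpolated (#{statement_count(u)} statement(s)): #{u}"
    puts "bound        (#{statement_count(s)} statement(s)): #{s}"
  end
end
```

With the DROP payload the interpolated string contains two statements (the SELECT
and the DROP), while the bound version contains one: the attacker's quote is
doubled and the whole input stays inside the LIKE literal, so it simply matches no
rows. The same holds for the OR 1 = 1 payload, which in the bound form can no
longer widen the WHERE clause.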