Kris Leech wrote:
> Patrick Hurley wrote:
>> On 6/16/06, Austin Ziegler <halostatue / gmail.com> wrote:
>>> That's not the point of ZenObfuscate. It doesn't turn Ruby into a
>>> "static" language. If you want to prevent code injection, you need to
>>> defend against it in your application.
>> 
>> I believe that the injection he is talking about is after the application
>> is deployed with rails still in plain text view, having someone open
>> the rails files and add code that could overwrite methods, etc.
> 
> Yes that is what I talk of.

But if anyone has access to the files comprising the application, they 
could completely replace the files with whatever they wanted.  Even 
compiled/obfuscated code isn't a remedy for that.

> Anyone with a basic understanding of Ruby/Rails could insert code to access 
> the database using activerecord.

Actually, anyone with access to the database could modify the database 
without needing to go through activerecord.

If you are worried about these things, then (1) control access to the 
program files, and (2) control access to the database.

-- Jim Weirich


-- 
Posted via http://www.ruby-forum.com/.