Gaspard Bucher wrote:
> The problem with code in the database is ... the database. If there is
> a vulnerability in the way you store things in the database, a
> malicious user could execute arbitrary code on your server through the
> pipe you open.
> 
> a.instance_eval "`uname -a`" ---> print system name
> a.instance_eval "`whoami`" ---> print user name
> ... explore, find a security weakness, create an account, go in and
> steal the house !
> 
> It is good practice to keep some doors closed, just in case.
> 
> Gaspard
> 
> 2008/4/4, Peter Marks <petertmarks / gmail.com>:

Thanks for your response Gaspard. The code entering part of my app is 
only for my app's backend and will not be publicly accessible. I 
definitely need to take measures to ensure it stays that way though.
-- 
Posted via http://www.ruby-forum.com/.
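One way to keep that door closed, as an added example that is not code from either poster: store the steps as data (JSON) and interpret them against an allowlist of methods instead of handing the stored string to instance_eval. Widget, run_stored_script and the two sample rows are constructed for this illustration.

```ruby
require 'json'

# The object a stored "script" is allowed to drive (hypothetical app class).
class Widget
  attr_reader :title, :log
  def initialize
    @title = nil
    @log   = []
  end
  def set_title(text);  @title = String(text); end
  def append_log(line); @log << String(line);  end
end

# Method name => required argument count. Only these can be reached from a
# stored row; instance_eval, send, system and backticks are simply not here.
ALLOWED = { 'set_title' => 1, 'append_log' => 1 }.freeze

class UnsafeScript < StandardError; end

# Runs a JSON-encoded array of [method, args...] steps against +target+.
# Anything outside the allowlist raises instead of being evaluated.
def run_stored_script(json, target)
  steps = JSON.parse(json)
  raise UnsafeScript, 'script must be an array of steps' unless steps.is_a?(Array)
  steps.each do |step|
    name, *args = step
    arity = ALLOWED[name]
    raise UnsafeScript, "method not allowed: #{name.inspect}" unless arity
    raise UnsafeScript, "wrong argument count for #{name}" unless args.size == arity
    unless args.all? { |a| a.is_a?(String) || a.is_a?(Numeric) }
      raise UnsafeScript, "non-scalar argument for #{name}"
    end
    target.public_send(name, *args)
  end
  target
end

# Constructed sample rows: one legitimate, one tampered with the thread's payload.
GOOD_ROW = '[["set_title","Hello"],["append_log","saved"]]'
BAD_ROW  = '[["instance_eval","`uname -a`"]]'

if __FILE__ == $0
  w = run_stored_script(GOOD_ROW, Widget.new)
  puts w.title                                  # Hello
  begin
    run_stored_script(BAD_ROW, Widget.new)
  rescue UnsafeScript => e
    puts "rejected: #{e.message}"               # rejected: method not allowed: "instance_eval"
  end
end
```

The interpreter never evaluates Ruby source, so a tampered row fails closed rather than reaching the shell.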