undefined | Better HN

0 pointsbobx1114y ago0 comments

This guy brought up the vulnerability and the maintainers didn't seem to take it seriously since he wasn't articulate enough or was not approaching them with enough respect maybe for their liking? I wish they would have kissed his ass a little to get the low-down on the vulnerability so I didn't have to worry about my company's private github repos. He deserves props for bring it up for discussion.

0 comments

cdcarter14y ago

This has been discussed since the early days of Rails, and they have chosen to leave their defaults as such and encourage developers to implement model security as needed. Github (seemingly) did not implement model security. This is a vulnerability that is different from application to application, and if the team was following best practices, is not there.

vidarh14y ago

And he's just demonstrated why this is not a responsible approach from the Rails team.

j / k navigate · click thread line to collapse

0 pointsbobx1114y ago0 comments

0 comments

cdcarter14y ago

vidarh14y ago

And he's just demonstrated why this is not a responsible approach from the Rails team.

j / k navigate · click thread line to collapse