undefined | Better HN

0 pointspdufour14y ago0 comments

It is a Github issue in the fact that they didn't protect against this issue when they easily could have.

0 comments

Others have made the comparison to PHP's `register_globals`.

Yes, Github had vulnerable code. It's also true that Rails apparently defaults to leaving that bit of code vulnerable. A saner default seems in order, if even highly competent Rails devs can be caught by this.

j / k navigate · click thread line to collapse

0 pointspdufour14y ago0 comments

It is a Github issue in the fact that they didn't protect against this issue when they easily could have.

0 comments

ceejayoz14y ago

Others have made the comparison to PHP's `register_globals`.

Yes, Github had vulnerable code. It's also true that Rails apparently defaults to leaving that bit of code vulnerable. A saner default seems in order, if even highly competent Rails devs can be caught by this.

j / k navigate · click thread line to collapse