What vulnerabilities are possible in Ruby with $SAFE = 4?

What vulnerabilities are possible in Ruby with $SAFE = 4? Right away, I know that XSRF is possible, because that attack has nothing to do with "tainted variables" but rather with where the HTTP request comes from. I know that using weak cryptographic algorithms such as md5() will not be caught either. Do you know of others? Code examples are much appreciated!

+3
2 answers

In $SAFE = 4, an almost unlimited set of vulnerabilities is possible. Nothing can protect you from all the arbitrary bad things you can do in that code. For example, you can do all kinds of dumb things with confidential data in the database if you are not careful, no matter what $SAFE mode you are in; for web applications, this should in fact be a much bigger problem than what $SAFE helps you with. $SAFE dramatically protects you from one common thing that you can do wrong, leaving everything else open. See last year's Underhanded C Contest winner:


+3


Thread.new do
   Thread.critical = true          # Ruby 1.8 only: no other thread gets scheduled while this is set
   9999999999999 ** 999999999999   # DOS! bignum exponentiation that effectively never finishes
end
+2
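The answer above shows that taint tracking says nothing about how expensive an operation is. As an added example (not from either answer, and written for current Ruby, where $SAFE no longer has any effect), here is a guard that bounds the cost of an untrusted exponent before it is evaluated; `MAX_RESULT_BITS` and the `base`/`exp` parameter names are assumptions for the illustration.

```ruby
# Added example: reject base**exp when the result would be too large to compute,
# without ever evaluating the power itself. Estimating the result's size first
# is what a taint check cannot do: the values may be perfectly "clean" and
# still exhaust memory and CPU.

MAX_RESULT_BITS = 4096  # assumed budget for this example

class ResourceLimitError < StandardError; end

# Upper bound on the bit length of base**exp: bit_length(base) * exp.
# The true value is within one bit of this estimate, which is good enough for a cap.
def estimated_pow_bits(base, exp)
  base.abs.bit_length * exp
end

def safe_pow(base, exp)
  raise ArgumentError, "base must be an Integer" unless base.is_a?(Integer)
  raise ArgumentError, "exp must be a non-negative Integer" unless exp.is_a?(Integer) && exp >= 0

  bits = estimated_pow_bits(base, exp)
  if bits > MAX_RESULT_BITS
    raise ResourceLimitError, "result would need ~#{bits} bits (cap #{MAX_RESULT_BITS})"
  end

  base ** exp
end

# Simulates the web-app entry point: values arrive as strings from a request.
# Integer(str, 10) raises ArgumentError on anything that is not a plain decimal.
def pow_from_params(params)
  base = Integer(params.fetch("base"), 10)
  exp  = Integer(params.fetch("exp"), 10)
  safe_pow(base, exp)
end

if __FILE__ == $0
  # Constructed request parameters, including the exponent from the thread's DoS snippet.
  puts pow_from_params("base" => "2", "exp" => "10")
  begin
    pow_from_params("base" => "9999999999999", "exp" => "999999999999")
  rescue ResourceLimitError => e
    puts "rejected: #{e.message}"
  end
end
```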

Source: https://habr.com/ru/post/1730449/
