Random Notes

Book impressions, technical notes, and the like

Rails

Handling of the X-Forwarded-Host header

I tried to use request.host_with_port to find out my own server name in Rails, but since I was behind several layers of reverse proxies it got messy. In Rails (Rack) it is: def host_with_port if forwarded = @env["HTTP_X_FORWARDED_HOST"] forwarded.split(/,\s?/).last else…
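An added example (not code from the original post and not Rack's own implementation) that models the fragment above: Rack takes the last comma-separated entry of X-Forwarded-Host, which behind two proxies is the host the inner proxy received rather than the name the client asked for, and it trusts the header from anyone. The stricter resolver beside it only honours the header from a trusted proxy, takes the first (outermost) entry, and refuses hosts not on an allowlist. The env hashes, the 10.0.0.0/8 proxy range and the www.example.com allowlist are all constructed for this example.

```ruby
# Added example: models Rack's host_with_port behaviour under X-Forwarded-Host
# and contrasts it with an allowlisted, trusted-proxy-only resolver.
# All env hashes, address ranges and host names below are constructed.
require "ipaddr"

# Mirrors the Rack logic quoted above: with X-Forwarded-Host present, split on
# commas and take the LAST entry; otherwise fall back to the Host header.
# (Rack's real method also consults SERVER_NAME/SERVER_PORT; omitted here.)
def rack_style_host_with_port(env)
  if (forwarded = env["HTTP_X_FORWARDED_HOST"])
    forwarded.split(/,\s?/).last
  else
    env["HTTP_HOST"]
  end
end

TRUSTED_PROXIES = [IPAddr.new("10.0.0.0/8")].freeze   # hypothetical internal range
ALLOWED_HOSTS   = ["www.example.com"].freeze          # hypothetical public name

# Stricter resolver:
#  - honours X-Forwarded-Host only when the direct peer (REMOTE_ADDR) is a trusted proxy,
#  - takes the FIRST entry: by convention each hop appends the Host it received,
#    so the first value is the one the outermost proxy saw from the client,
#  - returns nil for anything not on the allowlist (the usual Host-header-injection defence).
def strict_host_with_port(env, trusted: TRUSTED_PROXIES, allowed: ALLOWED_HOSTS)
  peer = IPAddr.new(env["REMOTE_ADDR"])
  from_trusted_proxy = trusted.any? { |net| net.include?(peer) }
  forwarded = env["HTTP_X_FORWARDED_HOST"]
  host =
    if from_trusted_proxy && forwarded
      forwarded.split(",").first.strip
    else
      env["HTTP_HOST"]
    end
  allowed.include?(host) ? host : nil
end

# Constructed request: client -> edge proxy -> internal load balancer -> app.
# The edge appended the client's Host, the LB appended the Host the edge sent it.
MULTI_HOP_ENV = {
  "REMOTE_ADDR"           => "10.1.2.3",
  "HTTP_HOST"             => "app-1.internal:3000",
  "HTTP_X_FORWARDED_HOST" => "www.example.com, lb.internal",
}.freeze

# Constructed request: an untrusted client sends the header itself.
SPOOFED_ENV = {
  "REMOTE_ADDR"           => "203.0.113.5",
  "HTTP_HOST"             => "www.example.com",
  "HTTP_X_FORWARDED_HOST" => "evil.example",
}.freeze

# Constructed request: trusted proxy, but the forwarded host is not one we serve.
TRUSTED_UNKNOWN_HOST_ENV = {
  "REMOTE_ADDR"           => "10.1.2.3",
  "HTTP_HOST"             => "app-1.internal:3000",
  "HTTP_X_FORWARDED_HOST" => "evil.example",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts rack_style_host_with_port(MULTI_HOP_ENV)   # lb.internal  (inner proxy's view)
  puts strict_host_with_port(MULTI_HOP_ENV)       # www.example.com
  puts rack_style_host_with_port(SPOOFED_ENV)     # evil.example (header trusted blindly)
  puts strict_host_with_port(SPOOFED_ENV)         # www.example.com
  p    strict_host_with_port(TRUSTED_UNKNOWN_HOST_ENV)  # nil
end
```

The point of the allowlist is that a host derived from request headers feeds into absolute URLs (redirects, links in mail), so anything not explicitly yours should be rejected rather than echoed back.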

Rails SQL injection vulnerability

Rails SQL injection vulnerability: hold your horses, here are the facts – Phusion Corporate Blog
Let Me Github That For You | Lands of Packets
CVE - CVE-2012-5664 (under review)
User.find_by_name('foo', :select => 'id…
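An added example, not code from the page or from Active Record: a deliberately simplified model of what the fragment above hints at. A Rails 3.x dynamic finder such as find_by_name pulled a trailing Hash out of its arguments as finder options, and the :select option was spliced into the SQL unquoted. So an argument that arrived as a Hash instead of a String (nested request parameters are one way that happens) became an options hash rather than a quoted value. The table, column names and inputs are constructed; the hardened call site shown is this example's own mitigation, not a description of the upstream patch.

```ruby
# Added example: toy model of the dynamic-finder options-hash behaviour behind
# CVE-2012-5664. Not Active Record; table, columns and inputs are constructed.

# Minimal string quoting so the "normal" path is visibly safe.
def sql_quote(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Stand-in for User.find_by_name: the attribute value is quoted, but a trailing
# Hash is popped off as finder options and :select is interpolated verbatim.
def find_by_name_sql(*args)
  options = args.last.is_a?(Hash) ? args.pop : {}
  select  = options[:select] || options["select"] || "*"
  name    = args.first
  where   = name.nil? ? "name IS NULL" : "name = #{sql_quote(name)}"
  "SELECT #{select} FROM users WHERE #{where} LIMIT 1"
end

# Call-site hardening used in this example: coerce the parameter to a String so
# it can never be mistaken for an options hash. (Upgrading Rails is the real fix.)
def find_by_name_sql_hardened(param)
  find_by_name_sql(param.to_s)
end

# Constructed: the shape a nested parameter like name[select]=... takes after parsing.
NESTED_PARAM = {
  "select" => "id, password_digest FROM users WHERE role = 'admin' --",
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts find_by_name_sql("foo")                    # quoted, as expected
  puts find_by_name_sql("o'brien")                # quote escaped
  puts find_by_name_sql(NESTED_PARAM)             # attacker controls the SELECT list
  puts find_by_name_sql_hardened(NESTED_PARAM)    # whole hash becomes a harmless string
end
```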

User who exploited the vulnerability to access GitHub has his GitHub account temporarily suspended

At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization. He was then able to push a new file to the project as a demonstrat…