Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

It is a Github issue in the fact that they didn't protect against this issue when they easily could have.


Others have made the comparison to PHP's `register_globals`.

Yes, Github had vulnerable code. It's also true that Rails apparently defaults to leaving that bit of code vulnerable. A saner default seems in order, if even highly competent Rails devs can be caught by this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: