We have our own model binder implementation (with circuit breakers) and UI frame... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		meaty on Feb 11, 2013 \| parent \| context \| favorite \| on: Ruby on Rails vulnerable to mass assignment and SQ... We have our own model binder implementation (with circuit breakers) and UI framework and are using mvc3. And yes we're always fully patched.

gregors on Feb 11, 2013 [–]

Really that's the point I'm trying to make. The default path in MVC isn't exactly secure. There is work to be done. I'd consider this particular rails update in line with a patch Tuesday update. Though I will say, I wish they had a better way of communicating when updates were available.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact