Issue #5228: Mass assignment vulnerability - how to force dev. define attr_accessible? · rails/rails · GitHub
DrPizza commented 2 days ago
Dear Rails people,
Have you learned nothing?
"Insecure-by-default" means "insecure". Trusting the programmer to fix things up and make them secure has never worked.
You guys have reinvented strcpy(). Way to go.
But here’s the dirty little secret of Rails development: the messiest, nastiest big-ball-of-mud code I have seen in my entire career has been in Ruby on Rails projects. I’ve seen Rails projects that accumulated enough technical debt and waste in two years to make 10-year-old C/C++ programs look clean and elegant by comparison. And it wasn’t just one project. I’ve seen it over and over.
That is the power of magic: the more mystical the code, the less anyone dares to touch it.
Twitter is currently tackling some problems with profile images. As of now, people are having trouble with adding new images (they don't upload) or removing images (they don't delete). Others have seen a sudden shift from their current image to an old image used before.
For two months, Twitter has been struggling with image uploads. About a hundred people who ran into the bug have spoken up in the comments. Apparently, fixing file upload in Ruby on Rails is hard.
Ruby on Rails wasn't paying off for everyone.
When you combine stupid businesses with stupid people using a stupid framework based on a big fat fucking lie on a shitty platform you get the perfect storm of dumbfuck where a man like me can’t find work.