The variable $SAFE determines Ruby's level of paranoia. Now it has 5 different values to protest against "Security Vulnerabilities". Now Can any present some real time scenarios by which it can be easily understandable how the $SAFE defined values performing for which they are set or when should we set what value out of 5? Now also in what situation we should think of lowering the SAFE level values or increasing the same? Thanks
on 2013-01-11 16:30
on 2013-01-11 17:20
On Fri, Jan 11, 2013 at 4:31 PM, Arup Rakshit <lists@ruby-forum.com> wrote: > The variable $SAFE determines Ruby's level of paranoia. Now it has 5 > different values to protest against "Security Vulnerabilities". Now Can > any present some real time scenarios by which it can be easily Do you mean "real world" scenarios? > understandable how the $SAFE defined values performing for which they > are set or when should we set what value out of 5? A bit dated but probably still mostly correct http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html > Now also in what situation we should think of lowering the SAFE level > values or increasing the same? You cannot lower it - for security reasons. Typically you will create a separate thread increase $SAFE there and do the potentially harmful operations that you want to guard. Kind regards rpbert
on 2013-01-11 19:02
Robert Klemme wrote in post #1091954: > On Fri, Jan 11, 2013 at 4:31 PM, Arup Rakshit <lists@ruby-forum.com> > wrote: >> The variable $SAFE determines Ruby's level of paranoia. Now it has 5 >> different values to protest against "Security Vulnerabilities". Now Can >> any present some real time scenarios by which it can be easily > > Do you mean "real world" scenarios? Yes i was looking for "real world" scenarios,so that i can get the core value of this topic in my nerve. Really interested to know about this one. When we need to think of such concept,how to use and if not used what can be happened and when used how the risk can be optimized/removed - that's all my i am eager to know. Thanks,
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.