Buffer overrun protection in Rails


#1

Greetings!

I apologize for the cross-post but could really use some feedback on
this question.

I’ve got both client-side and server-side validations in place, but
wonder if I need to do more.

Specifically, …

In addition to user input via browser, my Rails app can import the same
data from XML files (using REXML). Is there a possibility of buffer
overruns as I’m reading the data from the XML files into instance
variables in the controller method, prior to submitting them to the
model for validation? I can’t seem to find a definitive statement on
buffer overrun protections in Rails. Do I need to worry about REXML
too? Or is the potential issue limited to Rails?

Thanks much for any info.

Best regards,
Bill


#2

On Mar 12, 2007, at 4:12 PM, Bill W. wrote:

In addition to user input via browser, my Rails app can import the
Best regards,
Bill

Bill-

Thankfully Rails is built on Ruby, which is an interpreted language
and is therefore not susceptible to buffer overflows like any
compiled C type language is. Ruby insulates you from this stuff… The
only limit to Ruby as far as buffers go is disk space and RAM.

Cheers-
– Ezra Z.
– Lead Rails Evangelist
– removed_email_address@domain.invalid
– Engine Y., Serious Rails Hosting
– (866) 518-YARD (9273)


#3

Hi Ezra,

Thanks. I was hoping that, but couldn’t find anything that said as
much. I’ve been out of hands-on development for so long that I’m a
little confused where the buffer overrun comes from anyway. Back in the
day, us C programmers allocated memory as needed. Only question was
heap or stack.

I do have a follow-up if I could…

I’m planning to trim any ‘excess’ input from the XML elements and store
them in the db so I can present the visitor with what they had so they
can shorten it. Is there, aside from using a BLOB, a safe way to do this
in MySQL?

Thanks,
Bill

----- Original Message -----
From: “Ezra Z.” removed_email_address@domain.invalid
To: removed_email_address@domain.invalid
Sent: Monday, March 12, 2007 6:54 PM
Subject: [Rails-deploy] Re: Buffer overrun protection in Rails
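
The trimming step Bill describes in #3 (cut over-long XML element text, but keep what was cut so the visitor can shorten it) could look like this with REXML. This is an added example, not code from the thread; the element names, the limits and the `import_fields` helper are assumptions made for illustration.

```ruby
require "rexml/document"

# Hypothetical limits and element names for this sketch (not from the thread).
MAX_DOCUMENT_BYTES = 64 * 1024
FIELD_LIMITS = { "title" => 40, "body" => 255 }.freeze

# value  = the part that fits the column
# excess = the part that was cut, kept so it can be shown back to the visitor
ImportedField = Struct.new(:value, :excess)

# Constructed sample input: the title is 45 characters, 5 over its limit.
SAMPLE_XML = "<entry><title>#{'a' * 45}</title><body> short text </body></entry>"

# Parse an uploaded XML string and split each known field at its limit.
def import_fields(xml)
  # As the reply in #2 says, the limit in Ruby is RAM rather than a fixed
  # buffer, so cap the upload size before handing it to the parser.
  raise ArgumentError, "document too large" if xml.bytesize > MAX_DOCUMENT_BYTES

  doc = REXML::Document.new(xml)
  raise ArgumentError, "no root element" if doc.root.nil?

  FIELD_LIMITS.each_with_object({}) do |(name, limit), out|
    element = doc.root.elements[name]
    text = element ? element.text.to_s.strip : ""
    # Slice by characters, not bytes, so multibyte text is never split
    # in the middle of a character.
    out[name] = ImportedField.new(text[0, limit], text[limit..-1] || "")
  end
rescue REXML::ParseException
  # Malformed input is rejected with the same error type as other bad uploads.
  raise ArgumentError, "malformed XML"
end
```

A field whose `excess` is non-empty is one to send back to the visitor for shortening; the model's own length validation still applies to whatever is finally saved.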