Buffer overrun protection in Rails


I apologize for the cross-post but could really use some feedback on
this question.

I’ve got both client-side and server-side validations in place, but
wonder if I need to do more.

Specifically, …

In addition to user input via browser, my Rails app can import the same
data from XML files (using REXML). Is there a possibility of buffer
overruns as I’m reading the data from the XML files into instance
variables in the controller method, prior to submitting them to the
model for validation? I can’t seem to find a definitive statement on
buffer overrun protections in Rails. Do I need to worry about REXML
too? Or is the potential issue limited to Rails?

Thanks much for any info.

Best regards,

On Mar 12, 2007, at 4:12 PM, Bill W. wrote:

In addition to user input via browser, my Rails app can import the
Best regards,


Thankfully Rails is built on Ruby which is an interpreted language
and is therefore not susceptible to buffer overflows like any
compiled C type language is, Ruby insulated you from this stuff… The
only limit to Ruby as far as buffers go is disk space and RAM.

– Ezra Z.
– Lead Rails Evangelist
[email protected]
– Engine Y., Serious Rails Hosting
– (866) 518-YARD (9273)

Hi Ezra,

Thanks. I was hoping that, but couldn’t find anything that said as
I’ve been out of hands-on development for so long that I’m a little
where the buffer overrun comes from anyway. Back in the day, us C
programmers allocated memory as needed. Only question was heap or

I do have a follow-up if I could…

I’m planning to trim any ‘excess’ input from the XML elements and store
in the db so I can present the visitor with what they had so they can
shorten it. Is there, aside from using a BLOB, a safe way to do this in


----- Original Message -----
From: “Ezra Z.” [email protected]
To: [email protected]
Sent: Monday, March 12, 2007 6:54 PM
Subject: [Rails-deploy] Re: Buffer overrun protection in Rails
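
As an added example (not code from any poster in this thread), here is one way to bound an REXML import in Ruby before the values reach the model: cap the document size, trim each field to a limit, and keep the full text so the visitor can be shown what to shorten. The limits, field names and sample XML are assumptions made for illustration.

```ruby
require 'rexml/document'

# Assumed limits and field names (hypothetical, not from the thread).
MAX_XML_BYTES = 64 * 1024
FIELD_LIMITS  = { 'name' => 40, 'comment' => 200 }.freeze

class ImportTooLarge < StandardError; end

# Parse an XML import and return, per field, the value trimmed to its limit
# plus the full original text so the user can be shown what to shorten.
def import_fields(xml)
  # Reject oversized documents before REXML builds a tree in memory.
  raise ImportTooLarge, "#{xml.bytesize} bytes" if xml.bytesize > MAX_XML_BYTES

  doc = REXML::Document.new(xml)
  FIELD_LIMITS.each_with_object({}) do |(field, limit), out|
    node = doc.root && doc.root.elements[field]
    text = node ? node.text.to_s.strip : ''
    out[field] = {
      value:     text[0, limit],        # limit counts characters, not bytes
      original:  text,                  # already bounded by MAX_XML_BYTES
      truncated: text.length > limit
    }
  end
end

# Constructed sample input: the comment is 250 characters, over its limit.
SAMPLE = <<~XML
  <record>
    <name>Bill</name>
    <comment>#{'x' * 250}</comment>
  </record>
XML

if __FILE__ == $PROGRAM_NAME
  import_fields(SAMPLE).each do |field, r|
    puts "#{field}: kept #{r[:value].length} of #{r[:original].length} chars, " \
         "truncated=#{r[:truncated]}"
  end
end
```

The model's own length validations still apply after this step; the import only guarantees that nothing unbounded is handed to them.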