On Feb 16, 2006, at 9:15 PM, Joe wrote:
Tom M. wrote:
Certainly you’re not suggesting that scaffolding should
somehow generate secure code?
Is that like saying OSX shouldn’t be secure out of the box?
No, but it seems that you’re saying that XCode shouldn’t allow
you to write insecure code.
OS X out of the box is a user environment. The fact that the
initial account (which the vast majority of OS X users use as
their primary account) has the ability to write into the
/Applications directory is an example of how wrong you are in
that assertion, though.
Rails, by default, is not an application generator. The scaffold
feature was named scaffold for a reason. Notice it’s not called
final_application, secure_as_hell, batteries_included, or
From the Oxford American Dictionary:
a temporary structure (snip) used
by workers while building (snip)
How in the world might a feature designed to get a quick
scaffold in place be able to guess which DB columns might
need to be secured against “form stuffing?”
What is it you’re asking for, and what was your point, other
than your admittedly interesting suggestion about safe mode?
Whenever people drag on about these subjects, I *always* wonder
if they have any sharp tools at their house? Knives, scissors,
forks, Skill saws, Chain Saws, etc. are just so damn dangerous!
It seems that the safe is better than sorry folks, have someone
taken that term to mean "So safe it's impossible to hurt
However, I must admit the ultra safe folks got this one right:
– Tom M.