Sitealizer plugin vulnerable to SQL injections?

From what I’ve seen after quickly browsing through the sitealizer
(http://sitealizer.rubyforge.org/) source, it’ll make the whole
application vulnerable to SQL-injection attacks. All HTTP params are
passed directly into SQL calls without quoting.
