Text after id in URL (security issue?)

I’m a bit of a newbie, so I hope this isn’t an already-answered

A URL of the form
shows the 25th “item”, but I’ve just noticed that
also displays this same item.

Q: is this a security concern, e.g. for SQL injection? Also, in the
spirit of decreasing the temptation of hackers, is there a way to
cause an error to be generated for such URLs, throughout a site?

IIRC, when you do a Model.find(params[:id]), the string is converted to
int via to_i. When Ruby does the conversion, it grabs the 2, then the 5,
then sees garbage and returns a 25. If you passed a string of just
the conversion would fail and you would get an exception.

Stephen G.
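
The lenient conversion described in the answer above, next to a strict check that raises for any id that is not purely numeric. This is an added example, not code from the thread; the helper names (lenient_id, strict_id, compare), the id policy and the sample values are assumptions made for illustration.

```ruby
# Added example, not code from the thread. Helper names are hypothetical.
# Policy (an assumption): ids are positive decimal integers with no sign,
# no leading zero and at most 18 digits.
# \A and \z anchor the whole string; ^ and $ would only anchor a line.
STRICT_ID = /\A[1-9]\d{0,17}\z/

# What a to_i-style conversion does: parse the leading digits, ignore the rest.
def lenient_id(raw)
  raw.to_s.to_i
end

# Strict parse: raise unless the entire value is a canonical id.
def strict_id(raw)
  s = raw.to_s
  raise ArgumentError, "invalid id: #{s.inspect}" unless STRICT_ID.match?(s)
  Integer(s, 10)
end

# Returns [lenient result, strict result or :rejected] for one raw value.
def compare(raw)
  strict = begin
    strict_id(raw)
  rescue ArgumentError
    :rejected
  end
  [lenient_id(raw), strict]
end

# Constructed sample values, as they might arrive in params[:id].
SAMPLES = ["25", "25-some-text", "25abc", "025", "25\n", ""].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |raw|
    lenient, strict = compare(raw)
    puts format("%-16s to_i=%-3d strict=%s", raw.inspect, lenient, strict.inspect)
  end
end
```

With the lenient path, only the integer 25 is left by the time the value is used, which is why the trailing text changes nothing. To get an error site-wide, a check like strict_id can run in one shared place, for example a controller filter, before any lookup.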
