Forum: Rails deployment Buffer overrun protection in Rails

Bill Walton (Guest)
on 2007-03-13 00:13
(Received via mailing list)
Greetings!

I apologize for the cross-post but could really use some feedback on
this question.

I've got both client-side and server-side validations in place, but
wonder if I need to do more.

Specifically, ...

In addition to user input via browser, my Rails app can import the same
data from XML files (using REXML).  Is there a possibility of buffer
overruns as I'm reading the data from the XML files into instance
variables in the controller method, prior to submitting them to the
model for validation?  I can't seem to find a definitive statement on
buffer overrun protections in Rails.  Do I need to worry about REXML
too?  Or is the potential issue limited to Rails?

Thanks much for any info.

Best regards,
Bill
Ezra Zygmuntowicz (Guest)
on 2007-03-13 00:55
(Received via mailing list)
On Mar 12, 2007, at 4:12 PM, Bill Walton wrote:

> In addition to user input via browser, my Rails app can import the
> Best regards,
> Bill

Bill-

  Thankfully Rails is built on Ruby which is an interpreted language
and is therefore not susceptible to buffer overflows like any
compiled C type language is. Ruby insulated you from this stuff. The
only limit to Ruby as far as buffers go is disk space and RAM.

Cheers-
-- Ezra Zygmuntowicz
-- Lead Rails Evangelist
-- ez@engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)
Bill Walton (Guest)
on 2007-03-13 02:35
(Received via mailing list)
Hi Ezra,

Thanks.  I was hoping that, but couldn't find anything that said as
much.  I've been out of hands-on development for so long that I'm a
little confused where the buffer overrun comes from anyway.  Back in
the day, us C programmers allocated memory as needed.  Only question
was heap or stack.

I do have a follow-up if I could...

I'm planning to trim any 'excess' input from the XML elements and store
them in the db so I can present the visitor with what they had so they
can shorten it.  Is there, aside from using a BLOB, a safe way to do
this in MySQL?

Thanks,
Bill


----- Original Message -----
From: "Ezra Zygmuntowicz" <ezmobius@gmail.com>
To: <rubyonrails-deployment@googlegroups.com>
Sent: Monday, March 12, 2007 6:54 PM
Subject: [Rails-deploy] Re: Buffer overrun protection in Rails
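
The import step discussed in this thread, as an added example that is not code from any of the posters: it caps the XML document size before handing it to REXML (memory being the practical limit mentioned above) and splits each field into the part that fits and the excess to show back to the visitor. The element names, limits, and the `import_record` / `split_at_limit` helpers are assumptions made for illustration.

```ruby
require 'rexml/document'

# Assumed limits (hypothetical; align them with your own column sizes).
MAX_DOCUMENT_BYTES = 64 * 1024
FIELD_LIMITS = { 'title' => 20, 'summary' => 40 }.freeze

class ImportTooLarge < StandardError; end

# Split a value into the part that fits and the overflow. Lengths are
# counted in characters, so multi-byte text is never cut mid-character.
def split_at_limit(value, limit)
  text = value.to_s.strip
  { kept: text[0, limit], excess: text[limit..-1] || '' }
end

# Parse one imported record and apply the per-field limits.
def import_record(xml, limits = FIELD_LIMITS)
  # Reject oversized input before parsing: Ruby strings grow on demand,
  # so the exposure is memory exhaustion rather than a fixed-size buffer.
  if xml.bytesize > MAX_DOCUMENT_BYTES
    raise ImportTooLarge, "document is #{xml.bytesize} bytes"
  end

  doc = REXML::Document.new(xml)
  raise ArgumentError, 'no root element' unless doc.root

  limits.each_with_object({}) do |(name, limit), record|
    element = doc.root.elements[name]          # first child with this name
    record[name] = split_at_limit(element && element.text, limit)
  end
end

# Constructed sample input, not taken from the thread.
SAMPLE_XML = <<~XML
  <record>
    <title>Quarterly report for the northern region</title>
    <summary>Short</summary>
  </record>
XML

if __FILE__ == $PROGRAM_NAME
  import_record(SAMPLE_XML).each do |name, parts|
    puts "#{name}: kept=#{parts[:kept].inspect} excess=#{parts[:excess].inspect}"
  end
end
```

The `:excess` part can be stored alongside the record in whatever column type the schema uses for longer text, and the model validations still run on the `:kept` value.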