Forum: Ruby on Rails text after id in URL (security issue?)

dankelley (Guest)
on 2007-02-22 13:22
(Received via mailing list)
I'm a bit of a newbie, so I hope this isn't an already-answered

A URL of the form
shows the 25th "item", but I've just noticed that
also displays this same item.

Q: is this a security concern, e.g. for SQL injection?  Also, in the
spirit of decreasing the temptation of hackers, is there a way to
cause an error to be generated for such URLs, throughout a site?
Stephen Gerstacker (Guest)
on 2007-02-22 15:23
(Received via mailing list)
IIRC, when you do a Model.find(param[:id]), the string is converted to
int via to_i.  When Ruby does the conversion, it grabs the 2, then the 5
then sees garbage and returns a 25.  If you passed a string of just
the conversion would fail and you would get an exception.

Stephen Gerstacker
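
The lenient conversion discussed in this thread, next to a strict check that makes such URLs an error, as an added example that is not part of the original posts. The names `lenient_id`, `strict_id` and `STRICT_ID` are hypothetical and the sample inputs are constructed; calling the check from a site-wide filter is left to the application.

```ruby
# Added example, not code from the thread. All names here are hypothetical.

# Canonical positive decimal id: no sign, no leading zero, no whitespace,
# no trailing text. \A and \z anchor to the whole string; in Ruby ^ and $
# match per line and would let "25\nabc" through.
STRICT_ID = /\A[1-9][0-9]{0,17}\z/

# String#to_i reads leading digits and stops at the first character that
# is not a digit; with no leading digits it returns 0.
def lenient_id(raw)
  raw.to_s.to_i
end

# Returns the Integer id, or raises ArgumentError for anything that is not
# exactly a canonical id, so the caller can answer with an error page.
def strict_id(raw)
  unless raw.is_a?(String) && raw.match?(STRICT_ID)
    raise ArgumentError, "malformed id: #{raw.inspect}"
  end
  Integer(raw, 10)
end

# Constructed sample values for the id segment of a URL.
SAMPLES = ["25", "25abc", "25-some-title", "abc", "", "025", "25\nabc", "-25"].freeze

# For each sample: [raw value, what to_i yields, strict result or :rejected].
def classify(samples)
  samples.map do |raw|
    strict = begin
      strict_id(raw)
    rescue ArgumentError
      :rejected
    end
    [raw, lenient_id(raw), strict]
  end
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLES).each do |raw, lenient, strict|
    puts format("%-16s to_i=%-4s strict=%s", raw.inspect, lenient, strict)
  end
end
```

Because the lenient path hands only the resulting integer to the lookup, the trailing text never becomes part of the query; the strict path additionally turns every non-canonical id into an error.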