Serious Restful_authentication Security Problem
Published: October 28th, 2007

The plugin “restful_authentication” has a serious security issue; the problem has been sent to the author and is now fixed in the latest build.

The potentially serious security flaw was found in the activation of a user. Example:

The "activate" method of the controller accepts an empty activation code parameter like this (depending on your routes):

http://localhost:3006/user/activate or http://localhost:3006/activate/?activation_code=

This will create the following SQL:

SELECT * FROM users WHERE (users.`activation_code` IS NULL) LIMIT 1

An attacker will be able to log in without a password and use the first account found with an empty activation_code (activated users)!

Thankfully it’s already been patched. To fix it, download the new version of restful_authentication, or replace the first line of code in the activation method with this:
self.current_user = params[:activation_code].blank? ? :false : User.find_by_activation_code(params[:activation_code])
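
The effect of that guard, as an added example that is not the plugin's own code: plain Ruby with an in-memory stand-in for the users table, so it runs without Rails. The names `USERS`, `find_by_activation_code`, `blank_code?`, `activate_unpatched`, `activate_patched` and `login_of` are hypothetical, the sample users are constructed, and the unpatched form (parameter passed straight to the finder) is an assumption inferred from the SQL shown above.

```ruby
# Constructed sample data standing in for the users table.
User = Struct.new(:login, :activation_code)

USERS = [
  User.new("admin", nil),      # activated: activation_code is NULL
  User.new("alice", nil),      # activated
  User.new("bob", "3f9a1c")    # pending activation (constructed code)
].freeze

# Models User.find_by_activation_code. A nil argument corresponds to
# "WHERE activation_code IS NULL LIMIT 1": the first activated user matches.
def find_by_activation_code(code)
  USERS.find { |u| u.activation_code == code }
end

# Stand-in for ActiveSupport's blank? (nil, empty or whitespace-only).
def blank_code?(code)
  code.nil? || code.to_s.strip.empty?
end

# Assumed pre-fix behaviour: the request parameter reaches the finder as-is.
def activate_unpatched(params)
  find_by_activation_code(params[:activation_code])
end

# Post-fix behaviour, mirroring the replacement line above: a blank code
# never reaches the finder and the result is the :false marker.
def activate_patched(params)
  code = params[:activation_code]
  blank_code?(code) ? :false : find_by_activation_code(code)
end

# Login name of the resulting current_user, or nil if nobody is logged in.
def login_of(result)
  result.respond_to?(:login) ? result.login : nil
end

if __FILE__ == $PROGRAM_NAME
  puts "unpatched, no code: #{login_of(activate_unpatched({})).inspect}"
  puts "patched,   no code: #{login_of(activate_patched({})).inspect}"
  puts "patched, real code: #{login_of(activate_patched({ activation_code: '3f9a1c' })).inspect}"
end
```

A regression test for the controller should cover both the missing parameter and the empty one, and assert that no session is created in either case.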
