On Thu, Jan 10, 2013 at 1:40 PM, Natarajan V <rajanvn at gmail.com> wrote:
On Jan 10, 2013 11:50 AM, "Arun Khan" <knura9 at gmail.com> wrote:
On Thu, Jan 10, 2013 at 10:49 AM, Natarajan V <rajanvn at gmail.com> wrote:
As I was telling Karthick during my session, you can never assume that
your code is secure just because you are using some framework. You
should always do your home work, and whatever measures that the
framework takes, can be broken by a very very stupid programmer :D
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I did cursorily look at the referred links and did not come across any
mention about the flaw being attributed to "stupid programming"
If a bug is a way to judge our programming abilities, then all of us
are "very very stupid programmers"
Context: during my session on security, some one told me that since RoR
takes care of security, they care the least about it and code at will. My
point is you will make a mistake if you really don't worry about security.
Sorry for the miscommunication.
