0
comment
on 2/4/2013 12:03 PM
YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution. It’s Not Just Ruby A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]
>> Read the full article on blogs.teamb.com
.
IntelliFactory Offices Copyright (c) 2011-2012 IntelliFactory. All rights reserved.
Home | Products | Consulting | Trainings | Blogs | Jobs | Contact Us
Built with WebSharper