
Is using RinRuby secure for web solutions?

I recall from some meetups I've attended in NYC that people at Bell Labs were trying to work on potential security issues with R on the web. There were potential risks of code injection into a web app if R sessions were kept alive for the user.

Now, this was presented in the context of HTML 5 and PHP, but I don't see how it would be different when using RoR with the RinRuby gem. Is there a set of rules we as developers should follow to avoid common security pitfalls when using this gem?

R in general was not built with security in mind (see also this preprint at arXiv by Jeroen Ooms). It is also notorious for flaky parsing of numbers.

Judging from the source code (which was not updated for 2 years (!)), RinRuby doesn't seem to provide any kind of isolation from injection either - bare-bones eval is a gateway to hell, they say :)

Thus, it falls upon your shoulders to follow e.g. OWASP guidelines to avoid injection by carefully validating, parameterizing and whitelisting the input. Having in mind the above-mentioned quirks in parsing numbers, you have to restrict inputs to sane intervals.

Just my 2 cents...
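As an added illustration (not part of the answer above, and not code from the RinRuby project), here is the interpolation pattern the answer warns about next to a validated, whitelisted and parameterized builder. The helper names (`build_summary_unsafe`, `build_summary_safe`, `ALLOWED_COLUMNS`, `THRESHOLD_RANGE`) are hypothetical; the only RinRuby calls referenced are `R.assign` and `R.eval`, and they are left in a comment so the snippet runs without R installed.

```ruby
# Constructed example: turning web-form input into R code for RinRuby.

ALLOWED_COLUMNS = %w[age income score].freeze   # whitelist of data-frame columns
THRESHOLD_RANGE = (0.0..1_000_000.0)             # "sane interval" for the numeric filter

class InvalidInput < ArgumentError; end

# Vulnerable pattern: untrusted strings are spliced straight into R source,
# so whatever the user typed becomes code once it reaches R.eval.
def build_summary_unsafe(column, threshold)
  "summary(df[df$#{column} > #{threshold}, ])"
end

# Hardened pattern: the R code is a fixed template; user-controlled values are
# returned separately so they can be handed to R.assign as data, never as code.
def build_summary_safe(column, threshold)
  raise InvalidInput, "unknown column" unless ALLOWED_COLUMNS.include?(column)

  # Strict decimal literal only: rejects "1e400", "Inf", "NaN", hex and any
  # trailing text, sidestepping R's lenient number parsing entirely.
  raise InvalidInput, "not a number" unless threshold.to_s.match?(/\A-?\d+(\.\d+)?\z/)

  value = Float(threshold)
  raise InvalidInput, "out of range" unless THRESHOLD_RANGE.cover?(value)

  code = 'summary(df[df[[col]] > threshold, ])'   # no interpolation at all
  [code, { "col" => column, "threshold" => value }]
end

# Usage with RinRuby (not executed here; needs R on the host):
#   require 'rinruby'
#   code, bindings = build_summary_safe(params[:column], params[:threshold])
#   bindings.each { |name, v| R.assign(name, v) }   # values cross as data
#   R.eval(code)                                    # only the fixed template is evaluated
```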
