Rory McCune’s profile

Security Geek, Penetration Testing and director at ScotSTS Ltd.

Latest Comments


Interesting post. One thing to note though is that Mass Assignment isn't uniquely a Rails problem, other MVC frameworks can have it as well..

would be one example.

Also I was surprised that GitHub had this kind of problem. Mass assignment should be a well known security issue in the Rails community, there have been presentations mentioning it as an issue going back to 2007.

Posted in Hacking Rails (and GitHub).

Wed, 07 Mar 2012 at 16:59:50 GMT


  • Twitter: @raesene
  • Location: Scotland
  • Joined: March 2012
  • Comments: 1