Will It Inject? A Look at SQL Injection and ActiveRecord

Cite

Confreaks, LLC

Rudder, Jessica

Formal Metadata

Title

Will It Inject? A Look at SQL Injection and ActiveRecord

Title of Series

RailsConf 2016

Part Number

Number of Parts

Author

Rudder, Jessica

License

CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Identifiers

10.5446/31573 (DOI)

Publisher

Confreaks, LLC

Release Date

2016

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

If you've struggled through writing complex queries in raw SQL, ActiveRecord methods are a helpful breath of fresh air. If you're not careful though, those methods could potentially leave your site open to a nasty SQL Injection attack. We'll take a look at the most common ActiveRecord methods (and some of the lesser known ones!) with one question in mind....will it inject? If it's vulnerable to a SQL injection attack, we'll cover how to structure your query to keep your data secure.