Without Book Interview Questions and Answers | Online Test | Moct Test
Ruby On Rails Interview Questions and Answers

Ques. HOW CAN YOU SAFEGUARD A RAILS APPLICATION FROM SQL INJECTION ATTACK?
Ans.

Rails already has protection against SQL injection built into its query interface, provided you use that interface correctly and never splice user input directly into SQL.

Say you are trying to authenticate a user based on their login and password; you might be tempted to write something like this:

User.first("login = '#{params[:name]}' AND password = '#{params[:password]}'")

If an attacker enters ' OR '1'='1 as the name and ' OR '2'>'1 as the password, the quotes in the input close the string literals and the resulting SQL query will be:

SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1

Because AND binds more tightly than OR and '2'>'1' is always true, the WHERE clause matches every row. The query therefore simply returns the first record in the users table and grants the attacker access as that user, without knowing any credentials.

To prevent this type of SQL injection, pass the user-supplied values as bind parameters instead of interpolating them into the SQL string. Rails then quotes and escapes each value, so input can never break out of its string literal:

User.where("login = ? AND password = ?", entered_user_name, entered_password).first

or, equivalently, with hash conditions, which Rails also quotes for you:

User.where(:login => entered_user_name, :password => entered_password).first
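The following added example is not part of the original answer or of Rails itself. It is a small stand-alone Ruby script (no Rails, no database) that builds the same query both ways for the attacker input described above, so you can see in the generated SQL text why the interpolated form is exploitable and the placeholder form is not. The helper names build_unsafe_query, quote_literal and build_safe_query are hypothetical; quote_literal imitates the standard SQL string escape (doubling embedded single quotes) that a parameter binder or ActiveRecord's adapter applies, in a deliberately simplified way.

```ruby
# Added example, not code from the page or from Rails.
# Compares string interpolation with placeholder binding for the same input.

# Style 1: string interpolation, the vulnerable form shown in the answer.
# Whatever the caller passes lands verbatim inside the SQL text.
def build_unsafe_query(name, password)
  "SELECT * FROM users WHERE login = '#{name}' AND password = '#{password}' LIMIT 1"
end

# Quote a value as a SQL string literal the way a parameter binder does:
# wrap it in single quotes and double every embedded single quote, so the
# value can never terminate the literal and continue the statement.
# (Simplified imitation of adapter quoting; real Rails delegates this to the
# database adapter or uses true bound parameters.)
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Style 2: positional ? placeholders, a simplified imitation of what
# ActiveRecord's where("... ? ...", values) does before the query is sent.
def build_safe_query(sql_with_placeholders, *values)
  unless sql_with_placeholders.count("?") == values.length
    raise ArgumentError, "placeholder/value count mismatch"
  end
  remaining = values.dup
  sql_with_placeholders.gsub("?") { quote_literal(remaining.shift) }
end

# Constructed attacker input: the same payload the answer describes.
INJECTED_NAME = "' OR '1'='1"
INJECTED_PASSWORD = "' OR '2'>'1"

# SQL produced by the interpolated builder for the injected input.
def unsafe_result
  build_unsafe_query(INJECTED_NAME, INJECTED_PASSWORD)
end

# SQL produced by the placeholder builder for the same input: the payload
# stays inside one quoted literal and is compared as an ordinary string.
def safe_result
  build_safe_query("SELECT * FROM users WHERE login = ? AND password = ? LIMIT 1",
                   INJECTED_NAME, INJECTED_PASSWORD)
end

if __FILE__ == $0
  puts "interpolated: #{unsafe_result}"
  puts "bound:        #{safe_result}"
end
```

Running the script prints the tautology query from the answer for the interpolated form, and for the bound form a query whose login condition is the single literal ''' OR ''1''=''1', which matches no real login. The query shape mirrors the answer; a real application would compare a password hash rather than the raw password, but the injection point and the fix are the same.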
©2016 WithoutBook