Facebook Alternative Releases Source Code
 
#12
sweno Wrote: This ignorance of scope is one of the basics they seem to just not get. And one of the first things you deal with when it comes to dealing with hostile users.
I don't have a lot of experience with ruby on rails, but I know enough to say that this level of security is something you need to bake into the code.

The thing is, it's kind of built into the framework already. Or at least, what strikes me as the correct way to handle most of these issues is to do allowability checking in before_filter actions. If it looks good there, then it gets passed on to the business logic. And it makes sense to implement the business logic first under this structure, because that gives certainty on exactly what needs to be checked for a given action. (And, given a reasonably straightforward design, should allow one to avoid a great deal of Repeating Yourself, which has various benefits.)

Basically, it wouldn't cost exponentially more to add proper security to this code. It really, really wouldn't.

The real problem here seems to be a social one. While it may make sense to code things in this order, it's a real problem for code in this state to end up in the hands of people who will actually try to use it as-is. (Though given certain statements in the release, I might call it on the order of a stupidity tax...)

-Morgan.
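The before_filter pattern Morganite describes, shown as an added example that is not Diaspora's code nor anything posted in this thread. The tiny `Controller` base class is a stand-in written here so the example runs without Rails; it mimics the relevant ActionController behaviour (filters run before the action, and a filter that renders or redirects halts the chain). The `Photo`/`User` fixtures, the `attempt_destroy` driver and all method names are assumptions for illustration.

```ruby
# Added example: authorization in a before_filter versus an action that
# trusts params[:id]. Plain Ruby; the Controller class below is a minimal
# stand-in for Rails' ActionController, not Rails itself.

Photo = Struct.new(:id, :owner_id, :caption)
User  = Struct.new(:id)

# Constructed fixture: a fresh in-memory store per call so every scenario
# starts from the same state (user 10 owns photo 1, user 20 owns photo 2).
def sample_photos
  { 1 => Photo.new(1, 10), 2 => Photo.new(2, 20) }
end

class Controller
  # Class-level DSL in the shape of Rails' `before_filter :name, only: [...]`.
  def self.before_filter(name, only: nil)
    filters << [name, only]
  end

  def self.filters
    @filters ||= []
  end

  attr_reader :current_user, :params, :photos

  def initialize(current_user, params, photos)
    @current_user = current_user
    @params = params
    @photos = photos
    @status = nil
  end

  # Run the filters that apply to this action; a filter that "renders"
  # (sets a status) stops the chain and the action body never executes.
  def process(action)
    self.class.filters.each do |name, only|
      next if only && !only.include?(action)
      send(name)
      return @status if @status
    end
    send(action)
    @status || :ok
  end

  private

  def render_forbidden
    @status = :forbidden
  end

  def render_not_found
    @status = :not_found
  end
end

# Unscoped form: whoever is logged in can delete any photo by guessing its id.
class UnscopedPhotosController < Controller
  def destroy
    photos.delete(params[:id])
  end
end

# Scoped form: allowability is decided once, in a filter shared by every
# action that touches a photo, so the business logic only ever sees a
# photo the current user owns (and is not repeated per action).
class PhotosController < Controller
  before_filter :load_owned_photo, only: [:destroy, :update]

  def destroy
    photos.delete(@photo.id)
  end

  def update
    @photo.caption = params[:caption]
  end

  private

  def load_owned_photo
    @photo = photos[params[:id]]
    return render_not_found unless @photo
    render_forbidden unless @photo.owner_id == current_user.id
  end
end

# Drive one request and report [status, photo ids still present].
def attempt_destroy(controller_class, user_id, photo_id)
  photos = sample_photos
  status = controller_class.new(User.new(user_id), { id: photo_id }, photos)
                           .process(:destroy)
  [status, photos.keys.sort]
end

if __FILE__ == $0
  p attempt_destroy(UnscopedPhotosController, 10, 2) # user 10 deletes user 20's photo
  p attempt_destroy(PhotosController, 10, 2)         # same request, now refused
  p attempt_destroy(PhotosController, 10, 1)         # own photo: allowed
  p attempt_destroy(PhotosController, 10, 3)         # no such photo
end
```

The point of the layout is the one the post makes: once the business logic for an action is fixed, the filter is where the question "may this user touch this record?" is answered, and adding it to an existing controller is a few lines, not a rewrite.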


Messages In This Thread
[No subject] - by sweno - 09-17-2010, 05:15 PM
[No subject] - by Bob Schroeck - 09-17-2010, 06:55 PM
[No subject] - by Bob Schroeck - 09-20-2010, 02:50 PM
[No subject] - by sweno - 09-23-2010, 09:08 PM
[No subject] - by Black Aeronaut - 09-24-2010, 05:00 AM
[No subject] - by Bob Schroeck - 09-24-2010, 02:48 PM
[No subject] - by sweno - 09-24-2010, 05:41 PM
[No subject] - by Sofaspud - 09-24-2010, 07:31 PM
[No subject] - by Morganite - 09-24-2010, 07:41 PM
[No subject] - by sweno - 09-24-2010, 08:32 PM
[No subject] - by Morganite - 09-25-2010, 06:35 AM
