Mass assignment vulnerability: Difference between revisions

Removed Laravel reference as this is not a "special step" to prevent mass assignment vulnerability, it is an easy way to ensure it does not occur and still be able to use Input::all. You can assign the variables manually as well.
Tobarja
m grammar? flow of sentence
'''Mass assignment''' is a [[vulnerability (computing)|computer vulnerability]] in which an [[active record pattern]] in a [[web application]] is abused to modify data items that the user should not normally be allowed to change, such as a password, granted permissions, or administrator status.
 
Many [[web application framework]]s offer [[active record pattern|active record]] and [[object-relational mapping]] features, where external data in [[serialization]] formats (for example the fields of a submitted form or a JSON request body) is automatically converted on input into internal [[Object (computer science)|objects]] and, in turn, into database record fields. If the framework's interface for that conversion is too permissive and the application designer does not mark specific fields as immutable or restrict input to an explicit allowlist, it is possible to overwrite fields that were never intended to be modified from outside (e.g. an admin permissions flag) simply by adding the field name to the request.<ref>{{cite web | url=http://cwe.mitre.org/data/definitions/915.html | title=CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes | publisher=NIST | work=Common Weakness Enumeration | accessdate=February 27, 2013}}</ref>
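The following is an added illustration, not code from the article or from any of the frameworks it cites. It uses a minimal active-record-style model written in plain Ruby (no Rails dependency) to show the two halves of the problem: an assignment method that turns every submitted key into a setter call, beside a hardened version that honours only an allowlist of attribute names. The class, the `PERMITTED` list and the sample request hash are all constructed for the example.

```ruby
# Added example (not from the article): a toy active-record-style model showing
# how permissive mass assignment lets a client flip an "admin" flag, and how an
# attribute allowlist closes the hole.

class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Vulnerable: every key in the submitted hash becomes a setter call, so any
  # attribute the model has, including "admin", can be set from the request.
  def assign_attributes_unsafe(params)
    params.each { |k, v| public_send("#{k}=", v) }
    self
  end

  # Attributes that request input is allowed to touch. "admin" is deliberately
  # absent; it must only ever be changed by server-side logic.
  PERMITTED = %w[name email].freeze

  # Hardened: keys not in the allowlist are dropped before any setter runs.
  def assign_attributes(params)
    params.each do |k, v|
      next unless PERMITTED.include?(k.to_s)
      public_send("#{k}=", v)
    end
    self
  end
end

# Constructed sample of a decoded request body: the HTML form only offered
# "name" and "email", but the client appended an "admin" field by hand.
MALICIOUS_PARAMS = {
  "name"  => "mallory",
  "email" => "mallory@example.com",
  "admin" => true
}.freeze

# Returns the User produced by the vulnerable path (admin ends up true).
def unsafe_update
  User.new.assign_attributes_unsafe(MALICIOUS_PARAMS)
end

# Returns the User produced by the hardened path (admin stays false).
def safe_update
  User.new.assign_attributes(MALICIOUS_PARAMS)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: admin=#{unsafe_update.admin}"   # true: privilege escalation
  puts "safe:   admin=#{safe_update.admin}"     # false: flag untouched
end
```

The hardened method silently discards unpermitted keys; in a real application it is usually better to also log or reject them, since an unexpected `admin` key in a profile update is itself a useful detection signal. Rails' strong parameters mechanism, which the cited Rails security guide describes, follows the same allowlist idea with `params.require(:user).permit(:name, :email)`.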
 
These vulnerabilities have been found in applications written in [[Ruby on Rails]],<ref>{{cite web | url=http://guides.rubyonrails.org/security.html#mass-assignment | title=Mass Assignment | work=Ruby On Rails Security Guide | accessdate=February 27, 2013}}</ref> [[ASP.NET MVC]],<ref>{{cite web | url=http://ironshay.com/post/Mass-Assignment-Vulnerability-in-ASPNET-MVC.aspx | title=Mass Assignment Vulnerability in ASP.NET MVC | publisher=IronsHay | accessdate=February 27, 2013}}</ref> and the [[Java (software platform)|Java]] [[Play framework]],<ref>{{cite web|url=http://alots.wordpress.com/2014/03/26/playframework-how-to-protect-against-mass-assignment/ |title=Playframework, how to protect against Mass Assignment |date=2014 |author=Alberto Souza}}</ref>