Content deleted Content added
m grammar? flow of sentence |
Added text |
||
Line 9:
In 2012 mass assignment on Ruby on Rails allowed bypassing of mapping restrictions and resulted in [[proof of concept]] injection of unauthorized [[Secure Shell|SSH]] public keys into user accounts at [[GitHub]].<ref>{{cite web | url=http://www.zdnet.com/github-suspends-member-over-mass-assignment-hack-4010025556/ | title=GitHub suspends member over 'mass-assignment' hack | publisher=ZDnet | year=2012 | accessdate=February 27, 2013}}</ref><ref>{{cite web | url=http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/ | title=[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 have been released! | accessdate=January 7, 2016}}</ref> Further vulnerabilities in Ruby on Rails allowed creation of internal objects through a specially crafted [[JSON]] structure.<ref>{{cite web | url=https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/ | title=Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269) | accessdate=January 7, 2016}}</ref>
In ASP.NET Core mapping restriction can be declared using the <code>[BindNever]</code> attribute.<ref>https://docs.microsoft.com/en-us/aspnet/core/mvc/models/model-binding</ref>
==References==▼
== See also ==
* [[Data transfer object]] (DTO)
▲== References ==
{{Reflist}}
| |||