@bascule bullshit, it's already spread.
@bascule i have a rails app that does a minimum of 14 cache invalidations per request, only one of which is user code.
@raggi how do you measure that? I was curious if rbtrace could but afaict it can't. I *know* we're doing it in plenty of places
@bascule i told you before, override it in kernel. seems odd, think about the ancestor list ;-)
@raggi you're saying override extend? I'd like to just see any time people are changing code at runtime
@bascule yeah, that's harder. method_added
@raggi singleton_method_added o_O

@bascule interesting thing about the dynamic finder vuln today was that everyone was looking at AR::Base.method_missing, which defs methods
@fowlduck we were actually looking at parameter handling and sessions as possible attack vectors
@bascule who was? LivingSocial?
@fowlduck confirm, our security team and hangers on ;)
@bascule ah, right, yeah, that seems like the natural place to look.
.@fowlduck short answer, not a vuln unless 1) really, really stupid parameter handling or 2) you're dumb enough to publish your session key
@bascule my point, however, was that it also dynamically defines methods at runtime as they're used, which busts the method cache, right?
@fowlduck yes, but it's a bit different if they eventually stabilize instead of grow unboundedly
@bascule not nearly as bad as doing it all the time on every request, but still...
@bascule it used to do it for both dynamic scopes and dynamic finders, but now it's just dynamic scopes