@bascule @postmodern_mod3 I also wrote about unsafe marshalling some weeks ago. See http://www.revision-zero.org/rails-vulnerabilities-are-not-rails …
@blambeau @postmodern_mod3 safe Marshal seems doable if you can actually ensure no methods are called on the newly created objects
@bascule @postmodern_mod3 not even initialize?
@blambeau @bascule @postmodern_mod3 any method call on marshalled object = owned. if you can't call method on result then unmarshall useless
@benmmurphy @blambeau @postmodern_mod3 needs a whitelist of classes that are allowed to be safely marshaled/unmarshaled
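
The class whitelist suggested in the last tweet, sketched as an added example that is not part of the conversation and not a Ruby API: it walks the Marshal byte stream before calling `Marshal.load` and refuses any class or type tag it does not know. `MarshalAllowlist` and `Rejected` are hypothetical names, and only a subset of the format (nil, booleans, small integers, floats, symbols, strings, arrays, hashes, plain objects) is accepted.

```ruby
require "stringio"

# Added example: vet every class name and type tag before Marshal.load runs.
class MarshalAllowlist
  class Rejected < StandardError; end

  def initialize(allowed); @allowed = allowed.map(&:to_s); end

  def load(data)
    @io = StringIO.new(data.b)
    @syms = []                         # symbol table, resolves ';' back-links
    raise Rejected, "bad header" unless @io.read(2) == "\x04\x08".b
    scan
    raise Rejected, "trailing bytes" unless @io.eof?
    Marshal.load(data)                 # reached only for a fully vetted stream
  rescue EOFError
    raise Rejected, "truncated stream"
  end

  private

  def int                              # Marshal's variable-length integer
    b = @io.readbyte
    b -= 256 if b > 127
    return 0 if b.zero?
    return b - 5 if b > 4
    return b + 5 if b < -4
    n = b.abs.times.sum { |i| @io.readbyte << (8 * i) }
    b.positive? ? n : n - (1 << (8 * b.abs))
  end

  def count; int.tap { |n| raise Rejected, "negative length" if n.negative? }; end
  def allow!(name); raise Rejected, "class #{name} not allowed" unless @allowed.include?(name); end

  def sym(tag = @io.readbyte.chr)
    return (@syms << @io.read(count)).last if tag == ":"
    return @syms.fetch(count) { raise Rejected, "bad symbol link" } if tag == ";"
    raise Rejected, "expected a symbol"
  end

  def scan
    case tag = @io.readbyte.chr
    when "0", "T", "F" then nil
    when "i", "@" then int
    when ":", ";" then sym(tag)
    when '"', "f" then @io.read(count)
    when "[" then count.times { scan }
    when "{" then count.times { scan; scan }
    when "I" then scan; count.times { sym; scan }
    when "o" then allow!(sym); count.times { sym; scan }
    else raise Rejected, "type #{tag.inspect} not allowed"  # 'u', 'U', 'c', 'S', ...
    end
  end
end
```

`MarshalAllowlist.new([SomeClass]).load(bytes)` returns the loaded object or raises `Rejected`. Loading a Hash still calls `hash` on its keys, so every allowed class must be one whose methods are safe to run on attacker-chosen state.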