@bascule @postmodern_mod3 I also wrote about unsafe marshalling some weeks ago. See http://www.revision-zero.org/rails-vulnerabilities-are-not-rails …
-
-
Replying to @blambeau
@blambeau@postmodern_mod3 safe Marshal seems doable if you can actually ensure no methods are called on the newly created objects1 reply 0 retweets 0 likes -
-
Replying to @blambeau
@blambeau@bascule@postmodern_mod3 any method call on marshalled object = owned. if you can't call method on result then unmarshall useless1 reply 0 retweets 1 like
Replying to @benmmurphy
@benmmurphy @blambeau @postmodern_mod3 needs a whitelist of classes that are allowed to be safely marshaled/unmarshaled
11:04 AM - 30 Jan 2013
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.