Try Engine Yard for your Rails app
START A FREE TRIALFree Download
"Top 10 Advantages of Platform-as-a-Service"
Should you DIY your app deployment & maintenance or hand it off?
Subscribe to the Engine Yard blog for expert Rails tips!
June
4th
2009
Http Digest Auth: Vulnerability in Rails 2.3.1/2
If you are using Ruby on Rails 2.3.1 or 2.3.2, using http digest authentication and setting the username / password via hash, then you will be affected by this vulnerability. This vulnerability allows users to bypass http authentication without a valid password.
Please read the full posting on the Rails Security Group for more details and the appropriate workaround to implement in your code, until the official fix is available in the 2.3.3 release.
(Engine Yard customers have already been contacted via email about this vulnerability).
Share your thoughts with @engineyard on Twitter