Comments on: How not to manage a vulnerability

By: Piers Cawley
11 Aug 2006 7:01am GMT I don't know about large rails sites, but it was certainly a headache for the typo team. Especially once it turned out that 1.1.5 didn't stop the denial of service attack. Still, the work we did to get rid of the default @:controller/:action/:id@ route wasn't necessarily in vain.
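
The route change Piers mentions is worth seeing concretely. The block below is an added example, not code from the original post or from the Typo project: a constructed toy router (not Rails' own matcher) that contrasts the Rails 1.x catch-all default route `:controller/:action/:id`, which resolves any controller/action pair a request names, with an explicit route table that only resolves the paths an application actually intends to serve. The route patterns, controller names and sample paths are all assumptions for illustration.

```ruby
# Constructed simplification of route matching; not Rails' routing code.
# A route is a pattern such as ':controller/:action/:id' or 'articles/:id'
# plus fixed defaults. Segments beginning with ':' capture a value and are
# optional when the request path is shorter than the pattern (this mirrors
# the default route's optional :action and :id).
Route = Struct.new(:pattern, :defaults) do
  def match(path)
    segs = path.sub(%r{\A/}, '').split('/')
    pats = pattern.split('/')
    # More segments than the pattern has: not a match.
    return nil if segs.length > pats.length
    params = defaults.dup
    pats.each_with_index do |pat, i|
      seg = segs[i]
      if pat.start_with?(':')
        params[pat[1..-1]] = seg if seg
      else
        return nil unless seg == pat
      end
    end
    # A route that resolves to no controller cannot dispatch anything.
    params['controller'] ? params : nil
  end
end

# The weak configuration: one catch-all route. Every controller and every
# public action is reachable by naming it in the URL.
CATCH_ALL = [Route.new(':controller/:action/:id', { 'action' => 'index' })]

# The restricted configuration: each served path is listed explicitly, so
# a request for an unlisted controller/action pair simply fails to route.
EXPLICIT = [
  Route.new('articles',     { 'controller' => 'articles', 'action' => 'index' }),
  Route.new('articles/:id', { 'controller' => 'articles', 'action' => 'show' }),
  Route.new('admin/login',  { 'controller' => 'admin',    'action' => 'login' }),
]

# Returns the parameter hash of the first matching route, or nil.
def dispatch(routes, path)
  routes.each do |route|
    params = route.match(path)
    return params if params
  end
  nil
end

# Given a list of candidate paths, report which ones the route table
# would actually dispatch (useful when auditing a routes file for surface
# that was never meant to be public).
def reachable(routes, paths)
  paths.select { |p| dispatch(routes, p) }
end

if __FILE__ == $PROGRAM_NAME
  probes = ['/articles', '/articles/7', '/admin/login', '/admin/destroy/3']
  puts "catch-all route reaches: #{reachable(CATCH_ALL, probes).inspect}"
  puts "explicit routes reach:   #{reachable(EXPLICIT, probes).inspect}"
end
```

With the catch-all table every probe resolves, including `/admin/destroy/3`, which maps straight to `admin#destroy`; with the explicit table that path routes to nothing, which is the attack-surface reduction the Typo team was after when they dropped the default route.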

By: Benjamin
11 Aug 2006 7:01am GMT And I think wherein you stated large scale rails sites were affected lies the crux of the problem. For all we know though, some larger-scale sites may have already patched this and told nobody, though it's highly unlikely. This is making it more and more of a problem for those companies with rails production teams to have need for security-minded people as part of them. Dev is one thing, security-dev is another, and being able to spot holes often happens after they're exploited. Nice summary. - ben...
