YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution.
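To make the point about arbitrary types concrete, here is an added example (not code from the original post) that loads untrusted YAML as plain data only, using Ruby's standard Psych library. The helper name `load_untrusted_config`, the sample documents and the class name `Example::Widget` are assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample inputs (not from the original post).
PLAIN_DOC = <<~DOC
  src_dir: public/javascripts
  src_files:
    - lib/app.js
DOC

# Same kind of data, but the document asks the loader to build a named class.
# Example::Widget is a hypothetical class name; it does not need to exist.
TAGGED_DOC = <<~DOC
  --- !ruby/object:Example::Widget
  src_dir: public/javascripts
DOC

# Hypothetical helper: parse untrusted YAML as plain data only.
# Psych.safe_load with no extra arguments allows only basic scalars,
# arrays and hashes; type tags, symbols and aliases are refused.
def load_untrusted_config(text)
  data = Psych.safe_load(text)
  return { ok: false, reason: "top level is not a mapping" } unless data.is_a?(Hash)
  { ok: true, data: data }
rescue Psych::DisallowedClass => e
  # The document named a type the caller never permitted.
  { ok: false, reason: "type tag rejected: #{e.message}" }
rescue Psych::BadAlias => e
  { ok: false, reason: "alias rejected: #{e.message}" }
rescue Psych::SyntaxError => e
  { ok: false, reason: "malformed YAML: #{e.message}" }
end

if __FILE__ == $PROGRAM_NAME
  p load_untrusted_config(PLAIN_DOC)
  p load_untrusted_config(TAGGED_DOC)
end
```

The decision about which types may be constructed stays with the calling code, not with the document being parsed.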
It’s Not Just Ruby
A few weeks ago, I had a need to parse Jasmine’s jasmine.yml in some C# code. I spent some time looking at [...]