Mass assignment vulnerability : English Wikipedia

Mass assignment is a computer vulnerability where an active record pattern in a web application is abused to modify data items that the user should not normally be allowed to access, such as password, granted permissions, or administrator status.
Many web application frameworks offer an active record feature, where database record fields can be modified by automatically generated web API methods. If the framework does not prevent this automatically and the application designer does not mark specific fields as immutable through this interface, the API call can be abused to modify these hidden fields.
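The pattern described above, as an added example in plain Ruby (not taken from the article or from any framework): a model whose update method applies every submitted key, next to an allow-listed version. The class, field names and request body are hypothetical and constructed for illustration.

```ruby
# Added example: plain-Ruby stand-in for an active-record model (no framework).
# Class, field and parameter names are hypothetical.
class User
  attr_accessor :name, :email, :admin

  # Fields a user may change on their own account.
  PERMITTED = %w[name email].freeze

  def initialize
    @name, @email, @admin = "", "", false
  end

  # Vulnerable: every key in the request becomes a setter call,
  # so fields the form never exposed (admin) are writable too.
  def update_unsafe(params)
    params.each do |key, value|
      setter = "#{key}="
      public_send(setter, value) if respond_to?(setter)
    end
    self
  end

  # Hardened: only allow-listed keys are applied; the rest are
  # returned so the caller can log or reject the request.
  def update_safe(params)
    rejected = []
    params.each do |key, value|
      if PERMITTED.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed request body: the profile form shows only name and email,
# but the client has added an admin field.
REQUEST_PARAMS = { "name" => "Alice", "email" => "alice@example.test", "admin" => true }.freeze

def demo
  unsafe = User.new.update_unsafe(REQUEST_PARAMS)
  safe = User.new
  rejected = safe.update_safe(REQUEST_PARAMS)
  { unsafe_admin: unsafe.admin, safe_admin: safe.admin, safe_name: safe.name, rejected: rejected }
end
```

Returning the rejected keys gives the application a signal to log: a request carrying fields that the form never rendered is worth alerting on.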
These vulnerabilities were found in applications written in Ruby on Rails,[1] ASP.NET MVC,[2] and the Java Play framework.[3]
In 2012, a mass assignment vulnerability in Ruby on Rails was published that allowed injection of unauthorized SSH public keys into user accounts at GitHub.
==References==
1. "Mass Assignment"
2. "Mass Assignment Vulnerability in ASP.NET MVC"
3. "Playframework, how to protect against Mass Assignment"


Excerpt source: the free encyclopedia Wikipedia
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.