From what I've seen after quickly browsing through the sitealizer
(http://sitealizer.rubyforge.org/) source, it'll make the whole application vulnerable to SQL-injection attacks. All HTTP params are passed directly into SQL calls without quoting.