Thursday, 5 September 2013

Curl in an infinite loop to POST to Rails app

I am new to RoR apps and had implemented Devise for authentication.
Everything was going fine until I discovered that I was able to
create users via a curl command using the POST method, as below:

    curl -d "user[username]=hacker&user[email]=hacker@test.com&user[password]=password&user[password_confirmation]=password&user[admin]=1" http://lvh.me:3000/users/

What if someone runs the curl command in an infinite loop? Is there a way
to protect against it?
If I use attribute_accessible to not expose the fields, then I won't be
able to create the users from the app itself.
I could not find anything on Google either. Please help me understand if
this is normal.
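
The user[admin]=1 field in the request above is the mass-assignment part of the problem: a whitelist lets the sign-up fields through while dropping admin. This is an added sketch in plain Ruby, not code from the original post and not Rails or Devise code; parse_nested, filter_signup, SketchUser and signup are hypothetical names, and the request body is constructed from the curl command above.

```ruby
require "uri"

# Constructed request body, matching the curl -d payload in the post.
BODY = "user[username]=hacker&user[email]=hacker@test.com" \
       "&user[password]=password&user[password_confirmation]=password" \
       "&user[admin]=1"

# Attributes a public sign-up form may set; "admin" is deliberately absent.
SIGNUP_WHITELIST = %w[username email password password_confirmation].freeze

# Parse "model[field]=value" pairs into { "model" => { "field" => "value" } }.
def parse_nested(body)
  URI.decode_www_form(body).each_with_object({}) do |(key, value), out|
    if (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      (out[m[1]] ||= {})[m[2]] = value
    else
      out[key] = value
    end
  end
end

# Split the submitted user attributes into whitelisted and rejected ones.
def filter_signup(params, whitelist = SIGNUP_WHITELIST)
  submitted = params.fetch("user", {})
  allowed   = submitted.select { |name, _| whitelist.include?(name) }
  [allowed, submitted.keys - allowed.keys]
end

# Hypothetical stand-in for the User model (assumption, not the app's class).
class SketchUser
  attr_reader :username, :email, :admin

  def initialize(attrs)
    @username = attrs["username"]
    @email    = attrs["email"]
    @admin    = false # changed only by server-side code, never from params
  end
end

# Build a user from a raw form body; also return the field names dropped.
def signup(body)
  allowed, rejected = filter_signup(parse_nested(body))
  [SketchUser.new(allowed), rejected]
end
```

The whitelisted fields still create the account, so normal sign-up from the app keeps working; only the privilege flag is refused.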
