Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So between Sinatra's default error message giving away sensitive information and the suggested "params[..]" approach gets ALL input variables, regardless POST or GET.

What other gotchas should be know about Sinatra development?



Basically every framework has a development mode that gives very descriptive error messages, and you're always supposed to disable it in production.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: