We try to keep our books accurate, but sometimes mistakes creep in. This page lists the errors submitted by our astute readers. If you've found a new error, please submit it.

The latest version of the book is P1.0, released over 4 years ago. If you've bought a PDF of the book and would like to upgrade it to this version (for free), visit your home page.

Key: Typo | Tech. Error | Suggestion | Not a problem | Next edition

By default this page displays the errata for the latest version of the book. If you have a previous version, select it here:  

(To find out what version you have, look at the copyright page, a few pages in from the front of the book. If it says (say) 'Second Printing', then here it'll be P2.0. If there are interim PDF releases in that printing, they'll be 2.1, 2.2, and so on.)

PDF Paper Description Found in Fixed in
19

#41620: The second-to-last bullet point reads "Writing code that fails close". It should likely read "Writing code that fails closed".--Phillip Calvin

B5.0
24-Nov-09
21

#46476: para 2: the URL .../profile/new should be .../users/new--Allan Kinnaird

P1.0
25-Feb-11
21
#46479: para 2: "Click the Tamper button in the dialog box, as shown in Figure 2.6" should read "Click the Tamper button to bring up the dialog box sh...
P1.0
25-Feb-11
21

#46480: para 3: "Control-click the column" should read "Control-click the Post Parameter column"--Allan Kinnaird

P1.0
25-Feb-11
21...
#46494: Example code download: The Partial lunchedin_broken/app/views/tags/cloud.html.erb needs to be renamed .../_cloud.html.erb (and 14 other instan...
P1.0
28-Feb-11
21...
#46495: The migration 007_create_tags_venues should be modified to read: ...create_table :tags_venues, :id => false do |t|... to prevent the creati...
P1.0
28-Feb-11
32...

#46496: The XSS exploits in section 2.6 appear not to work in Rails 3.0.5 and Firefox 3.6.13 (Hooray?)--Allan Kinnaird

P1.0
01-Mar-11
39
#41766: On SQL injection on the statement page 39 SELECT * FROM users WHERE (username = 'wally' AND password = 'fakepass' or 'a' = 'a') LIMIT 1 ...
P1.0
09-Dec-09
61
#41980: These anti-xss whitelists don't cover unicode character sets, which are required for name and address entry in international applications. ...
P1.0
02-Jan-10
116

#43566: The LDAP authentic?() method on page 116 hard-codes all the values that should be read from the LDAP_CONF, as done on the next page.--Seth Arnold

P1.0
05-Jun-10
135
#43567: The description of MAC versus DAC authorization is entirely wrong. :) Discretionary access control is when object owners are allowed to spe...
P1.0
05-Jun-10
138
#41740: I think some explanation and a figure have disappeared from the end of p.138 / beginning of p.139: Figure 7.5 does not show that Bob is denie...
B5.0
07-Dec-09
151

#43571: "We can do this by providing something functionality along these lines..."

s/something functionality/something functionally/--Seth Arnold

P1.0
05-Jun-10
159
#43569: I think the description of symmetric versus asymmetric cryptography could use some extra exposition. Instead of: For the purposes of the bo...
P1.0
05-Jun-10
161
#41762: Text: Key distribution is not required as the same application decrypts and decrypts information. Should read: Key distribution is not re...
P1.0
09-Dec-09
164

#41763: Text:
Let’s add a security question to LunchedIn to help us authenticate a user that has managed to loose their password.

"loose" should be "lose"--Dave Grijalva

P1.0
09-Dec-09
165
#43570: "That said, both RSA and DSA serve as excellent starting points for encryption." DSA cannot be used with encryption. (DSA was selected to b...
P1.0
05-Jun-10
172
#43568: Something about the voice of the introductory paragraph of section 9.1 struck me as aimed at the entirely wrong audience: "As a resident of...
P1.0
05-Jun-10
180
#42054: In figure 9.4, the CSR may not include "the public key of the certificate authority email_ca.cer" as it is written. At this time, the CSR has...
P1.0
11-Jan-10
187

#43572: "We can use the an issued digital certificate..."

s/the an/an/--Seth Arnold

P1.0
05-Jun-10
189

#43573: "certificate revocation lists (curls)"

s/curls/CRLs/--Seth Arnold

P1.0
05-Jun-10
189

#43575: "revoke the ability to automate create comments"

Suggest remove "automate" and change to "create comments via email".--Seth Arnold

P1.0
05-Jun-10
189
#43576: The receive() method that does S/MIME email validation and comment parsing doesn't actually make sure that: (a) the user rating the venue a...
P1.0
06-Jun-10
189

#43577: "lunchedin@gmail.com" -- we have example.com/net/org for a reason :)--Seth Arnold

P1.0
06-Jun-10
192

#43578: "You can learn more about option this in..."

s/option this/this option/--Seth Arnold

P1.0
06-Jun-10
214

#43579: Decide.erb has commented HTML included.

The decision action has commented "Not sure we should nil this out here" :)--Seth Arnold

P1.0
06-Jun-10
219

#43580: "It's primary intended use was to provide"

s/It's/Its/--Seth Arnold

P1.0
06-Jun-10
241

#43581: "but false if the call not complete"

s/call not/call did not/ (or rewrite to more-active "failed". :)--Seth Arnold

P1.0
06-Jun-10
248

#43582: "SPNEGO can operate over many different of network protocols."

s/different of/different/--Seth Arnold

P1.0
06-Jun-10
255

#43583: environment.rb includes a comment # BEGIN_HIGHLIGHT that feels like it was intended for the pragprog hamsters. :)--Seth Arnold

P1.0
06-Jun-10
256

#43584: "In this file, all we modify only the skip_before_filter"

s/all we modify only/we only modify/--Seth Arnold

P1.0
06-Jun-10