rafaelp / attr_acessible_security.rb
Created Mar 5, 2012
How to protect against mass assignment attack
# Put this file in config/initializers
# This will create an empty whitelist of attributes available for mass assignment for
# all models in your app. As such, your models will need to explicitly whitelist
# accessible parameters by using an attr_accessible declaration. This technique is best
# applied at the start of a new project. However, for an existing project with a thorough
# set of functional tests, it should be straightforward and relatively quick to insert this
# initializer, run your tests, and expose each attribute (via attr_accessible) as dictated
# by your failing tests.
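
A plain-Ruby model of the deny-by-default behaviour the comment above describes, added here as an illustration; it is not the gist's code and does not use ActiveRecord. `BaseModel`, `User`, `Post`, the `strict:` flag and the sample parameters are hypothetical names constructed for the example.

```ruby
# Plain-Ruby model of deny-by-default mass assignment (constructed example;
# this is not ActiveRecord, and BaseModel/User/Post are hypothetical names).
class BaseModel
  class MassAssignmentError < StandardError; end

  # Every model starts with an empty whitelist, as the initializer arranges.
  def self.accessible_attributes
    @accessible_attributes ||= []
  end

  # Models opt attributes in explicitly.
  def self.attr_accessible(*names)
    accessible_attributes.concat(names.map(&:to_s)).uniq!
  end

  attr_reader :attributes

  def initialize(params = {}, strict: false)
    @attributes = {}
    assign_attributes(params, strict: strict)
  end

  # Copies only whitelisted keys and returns the keys that were refused.
  # With strict: true it raises instead, which is how a functional test
  # suite would surface each attribute that still needs a declaration.
  def assign_attributes(params, strict: false)
    allowed = self.class.accessible_attributes
    rejected = params.keys.map(&:to_s) - allowed
    raise MassAssignmentError, "protected: #{rejected.join(', ')}" if strict && rejected.any?
    params.each { |key, value| @attributes[key.to_s] = value if allowed.include?(key.to_s) }
    rejected
  end
end

class Post < BaseModel; end        # no declaration: nothing is assignable

class User < BaseModel
  attr_accessible :name, :email    # explicit whitelist; "admin" stays protected
end

# Constructed request parameters carrying an extra privileged field.
FORGED_PARAMS = { "name" => "eve", "email" => "eve@example.test", "admin" => true }.freeze

def demo
  user = User.new(FORGED_PARAMS)
  post = Post.new({ "title" => "hello" })
  { user: user.attributes, post: post.attributes }
end
```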