Skip to content

Instantly share code, notes, and snippets.

Tim Morton tmorton

  • Washington, DC
Block or report user

Report or block tmorton

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View security.md

Proposal for Improving Mass Assignment

For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.

Sign Allowed Fields

When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.

To allow new known fields to be added via JS, we could add:

@hotchpotch
hotchpotch / unicorn_killer.rb
Created Oct 3, 2011
Unicorn process killer utility
View unicorn_killer.rb
# # your config.ru
# require 'unicorn_killer'
# use UnicornKiller::MaxRequests, 1000
# use UnicornKiller::Oom, 400 * 1024
module UnicornKiller
module Kill
def quit
sec = (Time.now - @process_start).to_i
warn "#{self.class} send SIGQUIT (pid: #{Process.pid})\talive: #{sec} sec"
You can’t perform that action at this time.