nicolasblanco
commented
14 years ago +1, I like the trusted-params philosophy, also want it for rails 3. maybe will patch it later if got some time :).
Open thibaudgg opened 14 years ago
nicolasblanco
commented
14 years ago +1, I like the trusted-params philosophy, also want it for rails 3. maybe will patch it later if got some time :).
bbhoss
commented
14 years ago +∞
nicolasblanco
commented
14 years ago http://guides.rubyonrails.org/security.html :
"A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer:
ActiveRecord::Base.send(:attr_accessible, nil)
This will create an empty whitelist of attributes available for mass assignment for all models in your app. As such, your models will need to explicitly whitelist accessible parameters by using an attr_accessible declaration. "
TylerRick
commented
13 years ago I'm getting this error when I start my app:
/home/tyler/.rvm/gems/ruby-1.9.2-p180/gems/activerecord-3.0.9/lib/active_record/base.rb:1014:in `method_missing': undefined method `metaclass' for ActiveRecord::Base:Class (NoMethodError)
from /home/tyler/.rvm/gems/ruby-1.9.2-p180/bundler/gems/trusted-params-f9154144e64c/lib/trusted_params/active_record_additions.rb:21:in `extended'
:'(