Why does slicing the params hash pose a security issue on mass-assignment?

余生分开走 2021-02-13 03:25

The official way of preventing security risks with mass-assignment is using attr_accessible. However, some programmers feel this is not a job for the model (or at least not

5 answers
  •  梦如初夏
    2021-02-13 03:53

    As of Rails 4, slicing the parameters will be the preferred method of dealing with mass assignment security. The Rails core team has already developed a plugin to deal with this now, and they are working on integrating support for nested attributes and signed forms. Definitely something to check out: http://weblog.rubyonrails.org/2012/3/21/strong-parameters/
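Added example, not part of the original answer and not the strong_parameters plugin's code: a plain-Ruby sketch of why the nested-attributes support mentioned above matters. A top-level slice drops an injected `admin` field but passes a nested hash through unfiltered. The `allow` helper, the field names and the sample parameters are all constructed for illustration.

```ruby
# Constructed request parameters: a signup form with two injected fields.
PARAMS = {
  "user" => {
    "name"  => "alice",
    "email" => "alice@example.test",
    "admin" => "1",                            # injected top-level field
    "profile_attributes" => {
      "bio"      => "hi",
      "verified" => "1"                        # injected nested field
    }
  }
}.freeze

# Top-level slice: only the outer keys are checked against the allow-list.
# (Hash#slice is core Ruby since 2.5; older Rails got it from ActiveSupport.)
def sliced_top_level(params)
  params["user"].slice("name", "email", "profile_attributes")
end

# Hypothetical recursive allow-list filter (an assumption for this example,
# not a Rails API). `scalars` lists permitted scalar keys; `nested` maps a
# key to the argument list used to filter the hash stored under that key.
def allow(params, scalars, nested = {})
  params.each_with_object({}) do |(key, value), out|
    if nested.key?(key)
      # Nested attribute hashes are filtered with their own allow-list.
      out[key] = allow(value, *nested[key]) if value.is_a?(Hash)
    elsif scalars.include?(key)
      # A scalar slot must not carry a hash or array.
      out[key] = value unless value.is_a?(Hash) || value.is_a?(Array)
    end
  end
end

def allowed_recursively(params)
  allow(params["user"], %w[name email], { "profile_attributes" => [%w[bio]] })
end

if __FILE__ == $PROGRAM_NAME
  puts "slice: #{sliced_top_level(PARAMS).inspect}"
  puts "allow: #{allowed_recursively(PARAMS).inspect}"
end
```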
