How can I set 'attr_accessible' in order to NOT allow access to ANY of the fields FOR a model using Ruby on Rails?


If in a model file I have just this code:

class Users < ActiveRecord::Base
end

What does this mean? All attributes related to the model are acce

4 Answers
  •  耶瑟儿~
    2021-02-19 03:31

    Beginning with Rails 3.1, the following configuration option is available to disable mass-assignment by default for all models until you explicitly call attr_accessible or attr_protected:

    config.active_record.whitelist_attributes = true
    

    See http://edgeguides.rubyonrails.org/security.html#mass-assignment and https://github.com/rails/rails/commit/f3b9d3aba8cc0ffaca2da1c73c4ba96de2066760
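
As an added illustration (not part of the answer above and not Rails code), this plain-Ruby sketch models how the setting changes which keys of a params hash survive mass assignment. `MiniModel`, `whitelist_by_default`, `assign` and the sample parameters are hypothetical, and a model without a declaration is simplified to fully assignable when the setting is off.

```ruby
# Plain-Ruby model of the whitelist behaviour; hypothetical names, not Rails code.
class MiniModel
  class << self
    # Stand-in for config.active_record.whitelist_attributes
    attr_accessor :whitelist_by_default

    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end

    # Returns the whitelist for this class, or nil when everything is allowed.
    def accessible
      return @accessible if @accessible
      return [] if MiniModel.whitelist_by_default # nothing declared: deny all
      nil                                         # setting off: allow all (simplified)
    end
  end

  attr_reader :attributes, :rejected

  def initialize(params = {})
    @attributes = {}
    @rejected = []
    assign(params)
  end

  # Mass assignment: keep only the keys the class whitelist permits.
  def assign(params)
    allowed = self.class.accessible
    params.each do |key, value|
      if allowed.nil? || allowed.include?(key.to_s)
        @attributes[key.to_s] = value
      else
        @rejected << key.to_s
      end
    end
    self
  end
end

class User < MiniModel; end # no attr_accessible call, as in the question

class Account < MiniModel
  attr_accessible :name, :email
end

# Constructed request parameters carrying a field the form never offered.
PARAMS = { "name" => "alice", "email" => "a@example.test", "admin" => true }

# Builds both models with the setting on or off and returns them for inspection.
def demo(whitelist)
  MiniModel.whitelist_by_default = whitelist
  { user: User.new(PARAMS), account: Account.new(PARAMS) }
end
```
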
