How can I set 'attr_accessible' in order to NOT allow access to ANY of the fields FOR a model using Ruby on Rails?


If in a model file I have just this code:

    class Users < ActiveRecord::Base
    end

What does this mean? All attributes related to the model are acce

4 answers
  •  醉话见心
    2021-02-19 03:20

    I prefer to be more explicit in the denial for one model:

    class Users < ActiveRecord::Base
      attr_accessible nil
    end
    

    The result is the same as attr_accessible with no params, but makes your intent more clear. This will reduce the likelihood that a future programmer (e.g. yourself!) will delete the line...or start adding fields to attr_accessible.

    This appeases Brakeman and other vulnerability-sniffing tools.
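The whitelist behaviour this answer relies on, as an added example that is not part of the original answer and is not ActiveRecord code: a plain-Ruby stand-in (`MiniModel`, `try_mass_assign` and the three user classes are hypothetical names) comparing a model with no `attr_accessible` call, one with `attr_accessible nil`, and one that whitelists a single field. It assumes no application-wide whitelist setting is in effect, and the request parameters are constructed sample input.

```ruby
# Plain-Ruby model of whitelist-style mass-assignment protection.
# Hypothetical stand-in for illustration; not ActiveRecord's implementation.
class MiniModel
  class << self
    # nil until attr_accessible is called: no whitelist, every attribute is open.
    attr_reader :whitelist

    def attr_accessible(*names)
      # Calling it at all switches the class to whitelist mode;
      # nil or no arguments leaves the whitelist empty (deny all).
      @whitelist = (@whitelist || []) + names.compact.map(&:to_s)
    end
  end

  attr_accessor :name, :admin

  # Mass assignment from a params hash; returns the keys that were rejected.
  def assign_attributes(params)
    allowed = self.class.whitelist
    params.each_with_object([]) do |(key, value), rejected|
      if allowed.nil? || allowed.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
  end
end

class OpenUser < MiniModel; end   # no attr_accessible call: nothing is filtered

class LockedUser < MiniModel
  attr_accessible nil             # explicit deny-all, as in the answer
end

class ProfileUser < MiniModel
  attr_accessible :name           # only :name may be mass-assigned
end

# Constructed request parameters carrying an unexpected privileged key.
PARAMS = { "name" => "alice", "admin" => true }.freeze

def try_mass_assign(klass, params = PARAMS)
  user = klass.new
  rejected = user.assign_attributes(params)
  { name: user.name, admin: user.admin, rejected: rejected }
end

[OpenUser, LockedUser, ProfileUser].each { |k| puts "#{k}: #{try_mass_assign(k)}" }
```

With the deny-all model, fields can still be set one at a time through their setters (`user.admin = true`), so privileged attributes are only ever written by code that names them explicitly.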
