Aston J

Archive for March, 2012

Rails mass assignment security

Posted on: March 6th, 2012 by AstonJ

While Rails does a lot to secure your app, it leaves some things to you (as one size doesn’t fit all), and mass assignment security (MAS) is one such example. Rails does, of course, make it easy for you to lock things down; here’s how.

When will you need MAS?

Whenever you accept data from users, such as from a form via params[:hash], and pass it to update_attributes (and family), e.g.: