Tag security

6 votes

24281 views

Protect mass assignment

Rails mass assignment feature is really useful, but it may be a security issue, it allows an attacker to set any models' attributes you may not expect. To avoid this, we should add attr_accessbile or attr_protected to all models.

implemented

Comments

flyerhzm

2 votes

12162 views

Pay more attentions on security

Recently we saw rails exposed some security issues, github was attacked, rubygems.org was crashed, they all remind us we must pay more attentions on our rails projects.

Comments

flyerhzm