Tag security

6 votes

23875 views

Protect mass assignment

Rails mass assignment feature is really useful, but it may be a security issue, it allows an attacker to set any models' attributes you may not expect. To avoid this, we should add attr_accessbile or attr_protected to all models.

implemented

Comments

flyerhzm

2 votes

10784 views

Pay more attentions on security

Recently we saw rails exposed some security issues, github was attacked, rubygems.org was crashed, they all remind us we must pay more attentions on our rails projects.

Comments

flyerhzm