A different approach to Rails mass-assignment security
Read this blog post for an approach to mass-assignment security that:
- Does not rely on the developer remembering to protect their attributes like attr_protected does.
- Does not keep the developer from using a whole class of convenience methods like attr_accessible does.
Post a comment