Read this blog post for an approach to mass-assignment security that:

• Does not rely on the developer remembering to protect their attributes like attr_protected does.
• Does not keep the developer from using a whole class of convenience methods like attr_accessible does.