Questions tagged [mass-assignment]

A feature of server-side web frameworks such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

321 questions
0 votes, 0 answers

Nested form mass assignment error with a has many through relationship

I'm trying to use a nested form at the moment to add category tags to a song as you create the song. At the moment it's throwing a mass assignment error every time I submit the form despite the fact that I've put in what I believe to be the correct…
TangoKilo
0 votes, 1 answer

In Rails, how can I protect an attribute from mass assignment while still allowing the attribute to be set when the object is first created?

I've only been working with Rails for a few months now so I may be missing something obvious, but if an attribute is protected from mass assignment by attr_accessible, or attr_protected, how do you set that attribute when you first create a record?…
Ajedi32
0 votes, 1 answer

How do I mass-assign unique instance variable names when iterating and parsing over an array of hashes?

Here is the big hash that I start with (actually it's been refined a step or two but this is what I'm starting with at this point). angel_hash = {"follower_count"=>1369, "name"=>"AngelList", "markets"=> [{"display_name"=>"Startups",…
boulder_ruby
0 votes, 1 answer

how to avoid Can't mass-assign protected attributes issue from controller

Let's say I've got 2 apps which use the same database (app), and I've got a field, say: cool, so I want to use this field in the first app but not in the second. So how to avoid this error Can't mass-assign protected attributes without using attr_accessible…
Said Kaldybaev
0 votes, 1 answer

Adding many photos to a record. Can't mass-assign protected attributes:

I'm trying to add photos to my app using paperclip. A mug can have many photos. When I try to save a new mug I get this error: ActiveModel::MassAssignmentSecurity::Error in MugsController#create Can't mass-assign protected attributes:…
Dave
0 votes, 4 answers

How protect all fields against mass assignment in mongoid app

I have added this fix https://gist.github.com/2382288 to protect all fields against mass assignment in a mongoid app. In my config/initializers/mongoid.rb I have added this fix: module Mongoid module MassAssignmentSecurity extend…
hyperrjas
0 votes, 1 answer

How to test for mass assignment error

Seems I want to do the opposite of what most people ask for when testing rails... How to test FOR ActiveModel::MassAssignmentSecurity::Error. I get this already, just want to know how to make it make my test case green and not red. current…
Tyler
0 votes, 2 answers

how to avoid mass assignment error with has_many :through relationship

I am trying to do an update_attributes of a nested model and keep running into a mass assignment error. Here are my models: class Lineup < ActiveRecord::Base belongs_to :user has_many :piece_lineups has_many :pieces, through: :piece_lineups …
0 votes, 1 answer

ActiveMerchant purchase function rails 3.2.5 mass-assign

I am using Rails 3.2.5. Following Ryan Bates tutorial. http://railscasts.com/episodes/145-integrating-active-merchant. My order.rb has this function def purchase response = GATEWAY.purchase(price_in_cents, credit_card, purchase_options) …
Benjamin
0 votes, 2 answers

If I put all my db columns in attr_accessible am I safe from a mass assignment attack?

I know that with Rails 3.2 all attributes are 'black-listed' in essence, that forces you to whitelist each attribute via attr_accessible. However, if I make every column in my table attr_accessible doesn't that leave me vulnerable to mass assignment…
marcamillion
0 votes, 1 answer

Rails parent child form example preventing mass assignment

I use rails 3.2 and I want to prevent mass-assignment. I have parent-child relationship. class Parent < ActiveRecord:Base has_many :children attr_accessible :name end class Child < ActiveRecord:Base belongs_to :parent attr_accessible…
Tomasz Kalkosiński
0 votes, 2 answers

How do I avoid mass assignment vulnerability with dynamic roles?

I have User, Account, and Role models. Role stores the relationship type between Account and User. I left attr_accessible in Role blank to prevent a mass assignment vulnerability (otherwise attackers could change the role type--owner, admin,…
Mohamad
0 votes, 1 answer

Can't mass-assign protected attributes even if I use attr_accessible

I'm working on a Rails 3.2.2 application which has JSON APIs and I use a CLI client for inserting some data. It works fine except for the Author model. When I try to create a new post (Post belongs_to :author and Author has_many :posts) I get the…
0 votes, 2 answers

Ruby on Rails - Mass assignment issue

Beginner. Running Rails 3.2.2, Ruby 1.8.7. I have 2 models, a Hotel (created by scaffolding) and Facility (with empty controller). I am able to set the 1-to-1 association and displaying fields but can't seem to insert it in the databases. Im…
Silver
-1 votes, 1 answer

Laravel mass assigning guarded fields

So basically, I'm using mass assignment for convenience. However I have a guarded field called "userid". I've made the separate code to insert into this field but for some reason I still get the error: SQLSTATE[HY000]: General error: 1364 Field…
tzcoding