Questions tagged [mass-assignment]

A feature of server-side web frameworks such as Ruby on Rails, in which all the parameters of an HTTP request are assigned to variables. Mass assignment security provides an interface for protecting attributes from end-user assignment.

Mass assignment is both a convenient feature and a major security concern for server-side code in web applications. If not secured properly, it can allow an attacker to set parameters that should not be controlled from the client.

321 questions
3
votes
2 answers

Laravel MassAssignmentException from firstOrNew by id

I am attempting to save data using Laravel's firstOrNew method, which is producing a MassAssignmentException error. I don't understand why the firstOrNew method should trigger a mass assignment exception since it is merely looking at the database,…
Inigo
3
votes
1 answer

HP Fortify - Mass assignment

HP fortify scan gives me a message as Mass Assignment: Insecure Binder Configuration ( API Abuse, Structural ) for most of the Action Methods in my controller. Below is the example of the action method. Function Edit(model as…
Aditya Pewekar
3
votes
1 answer

Rails: Brakeman gem unprotected mass assignment issue

I am using the Brakeman gem to find the security issues in my Rails application code. Brakeman is giving me an unprotected mass assignment security issue. Below is the line that is causing this issue. AuthenticationCode.new(:batch_id => batch_id, :code =>…
Sanjay Salunkhe
3
votes
1 answer

PHP: Slim Framework/Eloquent ORM mass assignment error

I am using Eloquent with the Slim framework outside of Laravel. I have controllers that help perform CRUD operations. When I try to perform a mass assignment operation, Eloquent throws an error saying: SQLSTATE[23000]: Integrity constraint violation: 19…
George
3
votes
1 answer

Laravel 5 Modify Mass Assignment

How can I change the fillable attribute of a model on the fly? For example, I have a User model with protected $fillable = ['name', 'email', 'password']. When updating the user, I want to exclude 'email' from mass assignment so that the email is not…
3
votes
1 answer

Bitfield assignment - is it safe?

I have a bunch of properties crammed in a bitfield to save on space: struct Flags { uint access : 2; uint status : 2; uint isEnabled : 1; uint isDeletable: 1; ... }; Then I have a static Flags defaultFlags which is initialized…
user3735658
3
votes
1 answer

How to protect fields from mass assignment in Mongoose?

A Mongoose model, Thing, has two fields, only one of which (safe) should be settable through mass assignment: var db = require('mongoose'); var schema = new db.Schema({ safe: { type: String }, // settable through mass assignment unsafe: {…
Rich Apodaca
3
votes
1 answer

ActiveRecord transaction does not rollback

I'm new to ActiveRecord transactions. In the code below the first update_attributes causes a WARNING: Can't mass-assign protected attributes: account_type_cdx and that is ok. But I was surprised that the next line self.update_attributes!(:purchased…
Pod
3
votes
2 answers

"Can't mass-assign protected attributes" with nested protected models

I'm having a time trying to get this nested model working. I've tried all manner of pluralization/singular, removing the attr_accessible altogether, and who knows what else. restaurant.rb: # == RESTAURANT MODEL # # Table name: restaurants # # id …
3
votes
2 answers

Rails - Accepts_nested_attributes_for mass assignment error

I am currently trying to set up a form with nested fields on a belongs_to relationship, but I am running into a mass assignment error. My code so far is as follows (some html removed): Sale model: class Sale < ActiveRecord::Base attr_accessible…
Harry
3
votes
4 answers

Nested Form, "Can't mass-assign protected attributes"

This is the relevant part of my nested form:
<%= f.fields_for "@partcode" do |p|%> <%= p.label "partcode"%>
<%= p.text_field :partcode %> <% end %>
and I already have this in my model: attr_accessible…
Carla Dessi
3
votes
2 answers

Was mass assignment really the culprit in Homakov's GitHub hack?

Many commentators (e.g. ZDNet) have suggested that the weakness in GitHub's case was that the model Homakov discovered was vulnerable had mass assignment enabled for its attributes. However, I think the problem was not this, but was rather a failure…
user82216
3
votes
4 answers

Magento mass-assign products to category

As the title says, I need to mass-assign products to a category, and from the admin I can only edit one product at a time; I don't know why it just doesn't work to mass add them from the "category products" tab in the category page. That's why I need…
DanCapitanDePlai
2
votes
1 answer

How to fix the Rails mass assignment issue?

After the big news yesterday, I've been trying to find a solid article about how to fix this issue with regard to different versions of Rails, and I'm unable to do so. The best resource that I have found so far is…
gtr32x
2
votes
1 answer

Extending ActsAsTaggableOn to have Images, but getting "Can't mass-assign protected attributes: tag_image" Error

I'm using the acts_as_taggable_on gem to tag ads. It works fine, but I need the tags to have images, so I decided to extend the plugin and wrote this module: # Add logic to ActsAsTaggableOn Tag model module TagExtend def…