Questions tagged [scoped-mass-assignment]

Without declaring which attributes are protected and which are accessible, malicious users can set any column value in your database, including foreign keys and secure data.

Without any precautions, Model.new(params[:model]) allows attackers to set any database column's value.

The mass-assignment feature may become a problem, as it allows an attacker to set any model’s attributes by manipulating the hash passed to a model’s new() method.

3 questions
4 votes, 1 answer

How to seed a Rails 3.1 app with scoped mass assignment

How do Rails 3.1 (RC4) and scoped mass assignment expect us to work with seeds.rb when loading a list of data? For example, I normally have something like: City.create([ { :name => 'Chicago' }, { :name => 'Copenhagen' }, ... ]) Which…
1 vote, 1 answer

Mass assignment enter value in guarded field

Is it possible to fill a guarded field with the ::create method from Eloquent models, if my User model is like so: $guarded=['password','id'] $fillable=['username'] Is it possible to do…
user3620691
0 votes, 1 answer

Scoped mass assignment and accepts_nested_attributes_for in Rails 3.1 not working?

Using Rails 3.1 RC4. My User model has the following: has_many :emails, :dependent => :destroy accepts_nested_attributes_for :emails My Email model has the following: belongs_to :user attr_accessible :email, :email_confirmation, :as =>…