This project is archived and is in readonly mode.

#3178 ✓resolved
Eric Chapweske

Mass Assignment Security Refactoring

Reported by Eric Chapweske | September 9th, 2009 @ 10:15 PM | in 3.0.2

This patch provides a rewrite that is hopefully more understandable and modular than the existing code. This should allow developers and plugin authors to experiment a bit more without introducing massive security holes. E.g., it's pretty trivial to move responsibility over to a controller by including ActiveRecord::MassAssignmentSecurity and adding a couple helper methods. This is my first contribution attempt so hopefully I didn't mess up too much ;)

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Pages