Unitech
Reputation: 5981
Will Ruby On Rails 4 set by defaut config.active_record.whitelist_attributes to true?
Did RoR4 will set by default config.active_record.whitelist_attributes to true and some other securities values ?
Now I think RoR is enough simplified to integrates this kinds of constraints for securities reasons.
Thanks
Upvotes: 4
Views: 1969
Answers (2)
maletor
Reputation: 7122
...and it's gone. This is likely going to stay given Rails 4 has abstracted attr_accessible into a gem.
Upvotes: 3
Jesse Wolgamott
Reputation: 40277
As of now, yes -- check it out:
# Enforce whitelist mode for mass assignment.
# This will create an empty whitelist of attributes available for mass-assignment for all models
# in your app. As such, your models will need to explicitly whitelist or blacklist accessible
# parameters by using an attr_accessible or attr_protected declaration.
<%= comment_if :skip_active_record %>config.active_record.whitelist_attributes = true
Upvotes: 4
Related Questions
- Active Model Forbidden attributes error
- config.active_record.whitelist_attributes = false in Rails 4.2 App
- Rails 4 Strong Parameters : can I 'exclude' / blacklist attributes instead of permit / whitelist?
- Ruby - Ignore protected attributes
- Rails 4+: do not retrieve sensitive attributes from DB by default
- whitelisting params that are not in the model attributes
- Rails 4 - whitelisted nested attributes nil in create
- Strong parameters - manual whitelisting
- Rails: Is there an efficient way to get all whitelisted attributes with values?
- is there a whitelist-like inverse of attr_readonly?