authorlest <just.lest@gmail.com>2011-12-13 10:14:38 +0300
committerlest <just.lest@gmail.com>2011-12-13 10:14:38 +0300
commitf2fa4837a8a888ee86997be892d0aa5bbd2b5fd0 (patch)
treed2aa4bd058c7f07b902e6b2375c8f1392e4f3b0c
parent810837dda890a5bc5d0b4d65b973ca0ccc9465bd (diff)
commented whitelist mode enforcement for mass assignment
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/application.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb
index 40fd843b1b..c6dfa1f2dd 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/application.rb
+++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -54,6 +54,12 @@ module <%= app_const_base %>
# like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql
+ # Enforce whitelist mode for mass assignment.
+ # This will create an empty whitelist of attributes available for mass-assignment for all models
+ # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+ # parameters by using an attr_accessible or attr_protected declaration.
+ # config.active_record.whitelist_attributes = true
+
<% unless options.skip_sprockets? -%>
# Enable the asset pipeline
config.assets.enabled = true
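Review bot: The added `# config.active_record.whitelist_attributes = true` line ships commented out, so an application generated from this template keeps the permissive behaviour: as the new comment itself implies, a model with no declaration gets no whitelist unless someone edits the file. Since this is the safer setting, consider generating it active, `config.active_record.whitelist_attributes = true`, and letting applications that need the old behaviour comment it out. The comment text also presents `attr_protected` as an equal alternative to `attr_accessible`; a blacklist leaves any attribute added later assignable until it is listed, so the wording could recommend `attr_accessible` and state what leaving the option disabled means. The enclosing module body starts and ends outside the hunk.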