aboutsummaryrefslogtreecommitdiffstats
path: root/railties/guides
diff options
context:
space:
mode:
authorJosh Kalderimis <josh.kalderimis@gmail.com>2011-04-23 15:20:19 +0200
committerJosh Kalderimis <josh.kalderimis@gmail.com>2011-04-24 09:56:48 +0200
commitb3ba36830b7c8154cbe11a3fe4a2b2574b228819 (patch)
tree2225e47593b9a3d68b95df94d59819f3b2fd2ff2 /railties/guides
parenta08d04bedfd01cc0a517ccedf74f2ceac70eb28d (diff)
downloadrails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.tar.gz
rails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.tar.bz2
rails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.zip
updated the security guide on the updated mass-assignment security scopes addition, and assign_attributes in AR
Diffstat (limited to 'railties/guides')
-rw-r--r--railties/guides/source/security.textile27
1 files changed, 26 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index f4c1bde5b1..bf4f11f6b4 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -418,10 +418,17 @@ To avoid this, Rails provides two class methods in your Active Record class to c
attr_protected :admin
</ruby>
++attr_protected+ also optionally takes a scope option using :as which allows you to define multiple mass-assignment groupings. If no scope is defined then attributes will be added to the default group.
+
+<ruby>
+attr_protected :last_login, :as => :admin
+</ruby>
+
A much better way, because it follows the whitelist-principle, is the +attr_accessible+ method. It is the exact opposite of +attr_protected+, because _(highlight)it takes a list of attributes that will be accessible_. All other attributes will be protected. This way you won't forget to protect attributes when adding new ones in the course of development. Here is an example:
<ruby>
attr_accessible :name
+attr_accessible :name, :is_admin, :as => :admin
</ruby>
If you want to set a protected attribute, you will to have to assign it individually:
@@ -434,7 +441,25 @@ params[:user] # => {:name => "ow3ned", :admin => true}
@user.admin # => true
</ruby>
-A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer:
+When assigning attributes in Active Record using +new+, +attributes=+, or +update_attributes+ the :default scope will be used. To assign attributes using different scopes you should use +assign_attributes+ which accepts an optional :as options parameter. If no :as option is provided then the :default scope will be used. You can also bypass mass-assignment security by using the +:without_protection+ option. Here is an example:
+
+<ruby>
+@user = User.new
+
+@user.assign_attributes({ :name => 'Josh', :is_admin => true })
+@user.name # => Josh
+@user.is_admin # => false
+
+@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
+@user.name # => Josh
+@user.is_admin # => true
+
+@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
+@user.name # => Josh
+@user.is_admin # => true
+</ruby>
+
+A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer:
<ruby>
ActiveRecord::Base.send(:attr_accessible, nil)