| field | value | date |
|---|---|---|
| author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-23 15:20:19 +0200 |
| committer | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-04-24 09:56:48 +0200 |
| commit | b3ba36830b7c8154cbe11a3fe4a2b2574b228819 (patch) | |
| tree | 2225e47593b9a3d68b95df94d59819f3b2fd2ff2 /railties/guides | |
| parent | a08d04bedfd01cc0a517ccedf74f2ceac70eb28d (diff) | |
| download | rails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.tar.gz rails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.tar.bz2 rails-b3ba36830b7c8154cbe11a3fe4a2b2574b228819.zip | |
updated the security guide on the updated mass-assignment security scopes addition, and assign_attributes in AR
Diffstat (limited to 'railties/guides')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | railties/guides/source/security.textile | 27 |

1 files changed, 26 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index f4c1bde5b1..bf4f11f6b4 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -418,10 +418,17 @@ To avoid this, Rails provides two class methods in your Active Record class to c attr_protected :admin </ruby> ++attr_protected+ also optionally takes a scope option using :as which allows you to define multiple mass-assignment groupings. If no scope is defined then attributes will be added to the default group. + +<ruby> +attr_protected :last_login, :as => :admin +</ruby> + A much better way, because it follows the whitelist-principle, is the +attr_accessible+ method. It is the exact opposite of +attr_protected+, because _(highlight)it takes a list of attributes that will be accessible_. All other attributes will be protected. This way you won't forget to protect attributes when adding new ones in the course of development. Here is an example: <ruby> attr_accessible :name +attr_accessible :name, :is_admin, :as => :admin </ruby> If you want to set a protected attribute, you will to have to assign it individually: 
@@ -434,7 +441,25 @@ params[:user] # => {:name => "ow3ned", :admin => true} @user.admin # => true </ruby> -A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer: +When assigning attributes in Active Record using +new+, +attributes=+, or +update_attributes+ the :default scope will be used. To assign attributes using different scopes you should use +assign_attributes+ which accepts an optional :as options parameter. If no :as option is provided then the :default scope will be used. You can also bypass mass-assignment security by using the +:without_protection+ option. Here is an example: + +<ruby> +@user = User.new + +@user.assign_attributes({ :name => 'Josh', :is_admin => true }) +@user.name # => Josh +@user.is_admin # => false + +@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin) +@user.name # => Josh +@user.is_admin # => true + +@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true) +@user.name # => Josh +@user.is_admin # => true +</ruby> + +A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer: <ruby> ActiveRecord::Base.send(:attr_accessible, nil) |
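Review bot: In the first hunk the new `attr_accessible :name, :is_admin, :as => :admin` line names the flag `is_admin`, while the guide's existing example in the same region uses `admin` (`attr_protected :admin` in this hunk's context and `@user.admin # => true` in the next hunk's context); use one name so the reader sees a single model throughout. Two style points for the same hunk: wrap `:as` in the guide's +code+ markup as the surrounding text already does for +attr_protected+ and +attr_accessible+, and name the unscoped group as `:default` in the sentence "If no scope is defined then attributes will be added to the default group", since the second hunk refers to it as "the :default scope".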
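Review bot: The `:without_protection => true` example in the second hunk is presented beside the `:as => :admin` example with no caveat, so it reads as an equivalent alternative; the text should state that this option switches off mass-assignment security for that call entirely, so it belongs only with hashes the application builds itself and never with a request's `params` hash (the very case the surrounding "ow3ned" example is warning about). Smaller points: "accepts an optional :as options parameter" should read "accepts an optional +:as+ option", and the comments `@user.name # => Josh` should show the value as a string, `# => "Josh"`, as the guide's other `# =>` comments do.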