Prevent update of some properties?

Question

Prevent update of some properties?

On rails when updating a model, how do you prevent some properties of the model from being updated when using a type call:

@user.update_profile params[:user]

Since anyone can simply create a form input with a name like “password”, how can you filter out a set of properties that you can update?

Is that what attr_XXX is for?

+5

security ruby-on-rails

Blankman Oct 6 '10 at 2:39

source share

2 answers

attr_protected , . .

class User < ActiveRecord::Base
  attr_protected :password
end

attr_accessible, , . .

N.B ,

@user.password = "not secure"

+4

EmFi 06 . '10 2:43

Daniel Vandersluis · Accepted Answer · 2010-10-06T02:42:48+0000

You are looking for attr_accessible. It allows you to specify which attributes can be set using a bulk update (for example update_attributes), but you can still set the attributes manually (i.e. @user.attribute = ...).

. attr_accessible Ruby on Rails.

Prevent update of some properties?

More articles: