Unsecured Mass Assignment Is Bad
A slew of GitHub gists. I don’t understand why people don’t make these blog posts; I can only imagine the traffic they’re getting. Embedding gists is easy.
- Homakov shows us how he was able to compromise GitHub.com
- Jbarnette shows us how to make your Rails app warn on ActiveRecord::Base#update_attributes
- Wycats creates a Proposal for Improving Mass Assignment
- DHH on how 37signals commonly avoids Mass Assignment vulnerabilities. Should be used in addition to attr_accessible.
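As an added example (not code from any of the linked gists), a plain-Ruby stand-in for an ActiveRecord model shows the mass assignment hole and an attr_accessible-style whitelist fix; the `User` class, its attributes and the request params are constructed for illustration.

```ruby
# Added example: a minimal plain-Ruby model that mimics Rails mass assignment
# (update_attributes) so the bug and the attr_accessible-style fix run without
# ActiveRecord. Names and attributes are constructed for this demo.
class User
  attr_accessor :name, :email, :admin

  # Attributes a form is allowed to set, the way attr_accessible whitelists
  # columns on an ActiveRecord model. "admin" is deliberately absent.
  ACCESSIBLE = %w[name email].freeze

  def initialize(name:, email:, admin: false)
    @name, @email, @admin = name, email, admin
  end

  # Vulnerable: every key in the params hash becomes a setter call, so a
  # request body that smuggles in "admin" => true escalates privileges.
  def unsafe_update_attributes(params)
    params.each { |key, value| public_send("#{key}=", value) }
    self
  end

  # Hardened: only whitelisted keys are written; anything else is dropped and
  # reported, so tampering attempts show up in the logs.
  def safe_update_attributes(params)
    rejected = params.keys.map(&:to_s) - ACCESSIBLE
    warn "mass assignment rejected keys: #{rejected.inspect}" unless rejected.empty?
    params.each do |key, value|
      public_send("#{key}=", value) if ACCESSIBLE.include?(key.to_s)
    end
    self
  end
end

# Constructed request params: the form only has name/email fields, but nothing
# stops a client from adding an extra "admin" key to the request body.
TAMPERED_PARAMS = { "name" => "mallory", "email" => "m@example.com", "admin" => true }.freeze

# Runs both code paths against the same tampered params and reports the
# resulting admin flag for each.
def demo
  unsafe = User.new(name: "alice", email: "a@example.com")
  safe   = User.new(name: "alice", email: "a@example.com")
  {
    unsafe_admin: unsafe.unsafe_update_attributes(TAMPERED_PARAMS).admin,
    safe_admin:   safe.safe_update_attributes(TAMPERED_PARAMS).admin
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```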
Ruby Forest Druid.