Join Kevin Skoglund for an in-depth discussion in this video, Protecting attributes during mass assignment, part of Ruby on Rails 3 Essential Training.
Now that we have good password security, there's another security issue that we need to examine. How can we protect some of our attributes during mass assignment? What is mass assignment? What do I mean by that? Well, we've seen a couple examples of it already. In our create method we have subject = Subject.new, and then we just drop in a hash of all the values that we wanted to assign to the attributes of subject. Direct assignment would be if we did it one by one, subject.name=, subject.position=, and just straight down the line. But what we're doing is just mass assignment.
It's a very convenient method that we can just drop a whole hash in, and they'll be mass assigned to the correct attribute. We do it with Subject.new, we also do it with subject.update_attributes in our update method. The problem comes in that it says nothing about what those values actually are. We're sort of putting it on autopilot and anything that makes it in those params gets added into our attributes. So if someone were able to spoof our form somehow and add…
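The mass assignment described above, as an added example that is not code from the course: a plain-Ruby stand-in for the Subject model (not ActiveRecord) showing what a spoofed extra form field does under unrestricted mass assignment and under an allowlist. The `approved` attribute, the method names and the sample params are assumptions made for illustration.

```ruby
# Plain-Ruby stand-in for a model; it is not ActiveRecord. The :approved flag is
# a hypothetical sensitive attribute that the real form never offers.
class Subject
  ATTRIBUTES      = %w[name position approved].freeze
  MASS_ASSIGNABLE = %w[name position].freeze   # allowlist for form input
  attr_accessor :name, :position, :approved

  def initialize
    @approved = false
  end

  # Unprotected mass assignment: every submitted key that matches an
  # attribute is written, including ones the form never contained.
  def assign_all(values)
    values.each do |key, value|
      public_send("#{key}=", value) if ATTRIBUTES.include?(key.to_s)
    end
    self
  end

  # Protected mass assignment: only allowlisted keys are written. The rest are
  # returned so the caller can log them as a sign of a tampered request.
  def assign_allowed(values)
    rejected = []
    values.each do |key, value|
      if MASS_ASSIGNABLE.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed sample input: the hash a create action would receive from a
# form with name and position fields, plus one extra spoofed field.
SPOOFED_PARAMS = { "name" => "About Us", "position" => "3", "approved" => "true" }.freeze

def create_unprotected(params)
  Subject.new.assign_all(params)
end

def create_protected(params)
  subject = Subject.new
  rejected = subject.assign_allowed(params)
  [subject, rejected]
end
```

In a Rails 3 model, the equivalent allowlist is declared with `attr_accessible :name, :position`.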
- Understanding MVC (Model View Controller) architecture
- Routing browser requests through the framework
- Responding to requests with dynamic content
- Defining associations and database relationships
- Creating, reading, updating and deleting records
- Working with forms
- Validating form data
- Reviewing built-in security features
- Authenticating users and managing user access
- Debugging and error handling
Skill Level Beginner
1. What Is Ruby on Rails?
2. Installing Ruby on Rails on a Mac
3. Installing Ruby on Rails on a Windows Machine
4. Getting Started
5. Controllers, Views, and Dynamic Content
6. Databases and Migrations
7. Models, ActiveRecord, and ActiveRelation
9. Controllers and CRUD
10. Layouts, Partials, and View Helpers
12. Data Validation
13. User Authentication
14. Improving the Simple CMS
15. Debugging and Error Handling
16. Introducing More Advanced Topics