Model.new(params) can be dangerous?

I was just thinking, what if someone accidentally leaves something dangerous in a blah= method...

could have some really bad consequences.

Perhaps we're better off defining all writable attributes, rather than doing an "attr_protected" on all the ones we don't want.

another reason I'm swaying toward DataMapper over ActiveRecord.

Matthew Rudy Jacobs wrote:

I was just thinking, what if someone accidentally leaves something dangerous in a blah= method...

could have some really bad consequences.

Perhaps we're better off defining all writable attributes, rather than doing an "attr_protected" on all the ones we don't want.

MatthewRudyOnRails: Whoops! Rails security flaw.

another reason I'm swaying toward DataMapper over ActiveRecord.

whoops... Rails already allows this;

""" attr_accessible(*attributes)

Specifies a white list of model attributes that can be set via mass-assignment, such as new(attributes), update_attributes(attributes), or attributes=(attributes)

This is the opposite of the attr_protected macro: Mass-assignment will only set attributes in this list, to assign to the rest of attributes you can use direct writer methods. This is meant to protect sensitive attributes from being overwritten by malicious users tampering with URLs or forms. If you'd rather start from an all-open default and restrict attributes as needed, have a look at attr_protected.

  class Customer < ActiveRecord::Base
    attr_accessible :name, :nickname
  end

  customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent")
  customer.credit_rating # => nil
  customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" }
  customer.credit_rating # => nil

  customer.credit_rating = "Average"
  customer.credit_rating # => "Average" """
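To make the whitelist-versus-blacklist point concrete without needing ActiveRecord or a database, here is an added example (not from the thread, and not Rails' own implementation) that reimplements the two mass-assignment policies in plain Ruby: a whitelist model mirroring the quoted Customer docs, and a hypothetical LegacyCustomer that uses attr_protected but forgets to list one writer, which is exactly the "accidentally leaves something dangerous in a blah= method" case raised above. Module and class names are assumptions for illustration.

```ruby
# Added example: a minimal mass-assignment filter in plain Ruby.
# It is NOT ActiveRecord's code; it only reproduces the two policies
# described in the attr_accessible documentation quoted above.
module MassAssignment
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Whitelist policy: only these keys may be set via mass-assignment.
    def attr_accessible(*names)
      @accessible = names.map(&:to_sym)
    end

    # Blacklist policy: everything except these keys may be set.
    def attr_protected(*names)
      @protected = names.map(&:to_sym)
    end

    def accessible_attributes; @accessible; end          # nil when no whitelist
    def protected_attributes; @protected || []; end
  end

  def initialize(attrs = {})
    self.attributes = attrs
  end

  # Mass-assignment entry point, as used by new(attrs) and attributes=(attrs):
  # filter each key against the class policy, then call the writer method.
  def attributes=(attrs)
    attrs.each do |key, value|
      key = key.to_sym
      next unless mass_assignable?(key)
      next unless respond_to?("#{key}=")   # unknown attribute: ignore
      send("#{key}=", value)
    end
  end

  # A whitelist, if declared, wins; otherwise fall back to the blacklist.
  def mass_assignable?(key)
    whitelist = self.class.accessible_attributes
    return whitelist.include?(key) if whitelist
    !self.class.protected_attributes.include?(key)
  end
end

# Whitelist model: same shape as the Customer in the quoted docs.
class Customer
  include MassAssignment
  attr_accessor :name, :nickname, :credit_rating, :admin
  attr_accessible :name, :nickname
end

# Blacklist model (hypothetical): the author remembered credit_rating
# but forgot admin, so admin= is reachable through mass-assignment.
class LegacyCustomer
  include MassAssignment
  attr_accessor :name, :nickname, :credit_rating, :admin
  attr_protected :credit_rating
end

# Helper for the reader: returns [credit_rating, admin] after a form-style
# hash (constructed sample input) is mass-assigned to the given class.
def sensitive_fields_after_mass_assignment(klass)
  record = klass.new(:name => "David", :credit_rating => "Superb", :admin => true)
  [record.credit_rating, record.admin]
end

if __FILE__ == $0
  p sensitive_fields_after_mass_assignment(Customer)        # => [nil, nil]
  p sensitive_fields_after_mass_assignment(LegacyCustomer)  # => [nil, true]
end
```

The whitelist model refuses both sensitive keys no matter what the caller sends, while the blacklist model only refuses the one its author happened to remember; the direct writer (customer.credit_rating = "Average") still works in both, as the docs describe.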