rubyonrails security issues??????

i don't understand what you're asking... do you not want the id '5' to appear in the url?

Unless you use those params in yr method [and you'd have to write code to use them, so you'd know it] they're not being used anyhow.

RSL

Allow me to reiterate: Unless you specifically use them in your controller methods, extra params on the url will _not_ be used and do _not_ pose a security threat. Hope that clears things up.

RSL

Yah, but: (Sorry, I have to say this.) A dev who's unclear on how his routes/URLs are generated, that's a security issue.

Let me try to actually be helpful, since I can't figure out where the param's coming from either: I started David Black's PDF mini-book on routing, it's quite good, tho i forgot to bring it with me :

http://www.bookpool.com/sm/0132417995