I don’t know if the term “mass assignment” is Rails-specific but I get the basic idea that mass assignment is when you assign values to a bunch of variables all in the same method.
Is that a correct definition and why is there a special name for this?
Mass assignment in Rails is when you use something like
User.new(:name => "David", :occupation => "Code Artist")
to set all of the values for a row at once. The danger comes in when you change this code to be more like User.new(params[:user]). Now it’s possible for an end user to maliciously craft the Hash that is passed in as a parameter to User.new and set variables you weren’t expecting. Hence the need for attr_accessible and attr_protected, which limit an end user’s ability to set fields that they shouldn’t be able to affect directly.
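The behaviour described in the answer above, as an added example that is not part of the original answer and is not Rails code: two plain-Ruby stand-ins for a model, one that assigns every key it is given and one that applies an allowlist in the way attr_accessible does. The `admin` attribute, the `ACCESSIBLE` constant, the `rejected` list and the sample parameters are assumptions made for illustration.

```ruby
# Plain-Ruby stand-ins for an ActiveRecord model (assumption: Rails is not loaded).
class UnprotectedUser
  attr_accessor :name, :occupation, :admin

  def initialize(attrs = {})
    @admin = false
    # Mass assignment: every key in the hash becomes a setter call.
    attrs.each { |key, value| public_send("#{key}=", value) }
  end
end

class ProtectedUser
  attr_accessor :name, :occupation, :admin
  attr_reader :rejected

  # Allowlist playing the role of `attr_accessible :name, :occupation`.
  ACCESSIBLE = %w[name occupation].freeze

  def initialize(attrs = {})
    @admin = false
    @rejected = []
    attrs.each do |key, value|
      if ACCESSIBLE.include?(key.to_s)
        public_send("#{key}=", value)
      else
        @rejected << key.to_s # kept so the caller can log the attempt
      end
    end
  end
end

# Constructed request parameters: the form offers only name and occupation,
# but the submitted hash carries an extra "admin" key.
def sample_params
  { "user" => { "name" => "David", "occupation" => "Code Artist", "admin" => true } }
end

def demo
  params = sample_params
  unprotected = UnprotectedUser.new(params["user"])
  guarded = ProtectedUser.new(params["user"])
  { unprotected_admin: unprotected.admin,
    protected_admin: guarded.admin,
    rejected: guarded.rejected }
end

p demo if $PROGRAM_NAME == __FILE__
```

Recording the rejected keys gives the application something to log when a request carries attributes the form never offered.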