I have added this fix https://gist.github.com/2382288 for protect all fields against mass assignment in

Question

0

Editorial Team

Asked: June 6, 20262026-06-06T15:53:57+00:00 2026-06-06T15:53:57+00:00

I have added this fix https://gist.github.com/2382288 for protect all fields against mass assignment in

0

I have added this fix https://gist.github.com/2382288 for protect all fields against mass assignment in mongoid app.

in my config/initializers/mongoid.rb I have added this fix:

module Mongoid
  module MassAssignmentSecurity
    extend ActiveSupport::Concern

    included do
      attr_accessible nil
    end
  end

  module Document
    include MassAssignmentSecurity
  end
end

My question is:

this fix completely protects your application against attacks mass assignment?

Or is recommended to add attr_accessible all the attributes in each model?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T15:53:58+00:00

Editorial Team

2026-06-06T15:53:58+00:00Added an answer on June 6, 2026 at 3:53 pm

This will make all Mongoid::Documents by default accept no fields to mass-assignment. This is probably not exactly what you want, as you will not be able to @model.update(params[:model)

You’ll almost certainly want to go into the document and add:

attr_accessible :first_name, :last_name

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have added this fix https://gist.github.com/2382288 for protect all fields against mass assignment in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply