davout edited this page Jun 29, 2011 · 2 revisions
Coding guidelines
Security
Explicit whitelisting of expected parameters
All user input should be expected: the parameters that a user should be able to submit must be whitelisted using the attr_accessible class method.
If a parameter is acceptable for certain actions but forbidden on others, it must not be whitelisted; it must instead be handled explicitly in the action that needs it.
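An added example of both rules, not taken from this project's code. So that it runs without Rails, the `Whitelisted` module is a plain-Ruby stand-in for the mass-assignment filtering that `attr_accessible` enables; the `User` model, its `name`, `email` and `admin` attributes, and the `create_user` / `update_user` actions are hypothetical.

```ruby
# Stand-in for Rails mass-assignment protection (assumption: simplified,
# string-keyed params, no ActiveRecord).
module Whitelisted
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare the attributes that may be set through mass assignment.
    def attr_accessible(*names)
      accessible_attributes.concat(names.map(&:to_s))
    end

    def accessible_attributes
      @accessible_attributes ||= []
    end
  end

  # Mass assignment: whitelisted keys are set, everything else is dropped.
  # Returns the rejected keys so the caller can log them.
  def assign(params)
    params.each_with_object([]) do |(key, value), rejected|
      if self.class.accessible_attributes.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
  end
end

# Hypothetical model: only :name is acceptable on every action.
class User
  include Whitelisted
  attr_accessor :name, :email, :admin
  attr_accessible :name
end

# Hypothetical "create" action: email is acceptable here only, so it is
# not whitelisted and is assigned explicitly.
def create_user(params)
  user = User.new
  user.assign(params)
  user.email = params["email"]
  user
end

# Hypothetical "update" action: submitted email and admin values are ignored.
def update_user(user, params)
  user.assign(params)
  user
end
```
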