Hacker News
by mikeycgto 4915 days ago
If you've recently started a new Rails project (or are thinking about it), you should use strong_parameters right off the bat!
3 comments

I'm not 100% positive, but I don't think strong_parameters would do anything to protect you here.
It would not have helped with this vulnerability, no. But it is a better way of handling filtering appropriate parameters.
Why is strong_parameters not the only way? Rails is pretty opinionated in many other respects...
It was opinionated to use attr_accessible until a better approach came along. Beginning in 4.0 it will be opinionated to use strong_parameters, but they can't just take attr_accessible away because a lot of people are upgrading apps.
It will be the default in Rails 4... so soon :)
The downside of 'don't break APIs for minor version changes' means that you can't break APIs until the major version changes. ;)
Agreed! That is what I teach when I do training.