Project

ryanlowe-audit_mass_assignment

0.0
No commit activity in last 3 years
No release in over 3 years
ryanlowe-audit_mass_assignmentryanlowe/audit_mass_assignmentHomepageDocumentationSource CodeBug TrackerWiki
Checks Ruby on Rails models for use of the attr_accessible white list
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,986
Stars
7
Forks
0
Watchers
3
 Releases
Current version
0.1.5
Total releases
3
First release
2008-05-26
Latest release
2008-05-28
 Development
Primary Language
Ruby
Average date of last 50 commits
2008-05-19
Reverse Dependencies
0

 Dependencies

Runtime

rails
> 2.0.0
 Project Readme
Moved to GitHub from Google Code on May 1, 2008
Was hosted at http://code.google.com/p/audit-mass-assignment/

= audit_mass_assignment plugin for Ruby on Rails

  The audit_mass_assignment Ruby on Rails plugin contains a rake task that
  checks the models in your project for the attr_accessible whitelist approach
  for protecting against "mass assignment" exploits.  It does not check for
  use of attr_protected.

== Installation

  gem install ryanlowe-audit_mass_assignment --source http://gems.github.com/

== Usage

  $ rake audit:mass_assignment

== Notes

  If you want to protect ALL attributes in your model use:
  
    attr_accessible nil

  Why are "mass assignment" exploits a danger to Rails applications? See these links:
  
  1. rorsecurity.info: Do not create records directly from form parameters
     http://www.rorsecurity.info/2007/03/20/do-not-create-records-directly-from-form-parameters/
  
  2. Railscasts: Hackers Love Mass Assignment
     http://railscasts.com/episodes/26
  
  3. Rails Manual: Typical mistakes in Rails applications: Creating records directly from form parameters
     http://manuals.rubyonrails.com/read/chapter/47