Mass Assignment Testing
Mass assignment is a common Rails security issue, caused by Rails’s ability to save an arbitrary hash of attribute names and values to an instance by sending an entire hash as a parameter, as in new(params[:user]), create(params[:user]), or update_attributes(params[:user]). The security issue happens when somebody hacks a request and adds unexpected attributes to the incoming parameters, typically an attribute that you wouldn’t want an arbitrary user to be able to change, such as User#admin or Project#public. (GitHub was famously hacked via this vector by a user who added himself as a committer to the Rails repo.)
Rails 4 provides the concept of strong parameters to allow you to identify parts of the parameter hash ...
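The following is an added example, not code from the book: a plain-Ruby stand-in that shows the unfiltered update beside an allowlisted one, so the check a test would make is visible. The User class, the permit helper, and the sample parameters are constructed for illustration and only mimic the Rails behavior described above.

```ruby
# Constructed stand-in for an ActiveRecord model; plain Ruby, no Rails needed.
class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Mimics mass assignment: every key in the hash becomes a setter call.
  def update_attributes(attrs)
    attrs.each { |key, value| public_send("#{key}=", value) }
    self
  end
end

# Hypothetical allowlist filter playing the role of strong parameters:
# only explicitly permitted keys survive, everything else is dropped.
def permit(params, *allowed)
  allowed = allowed.map(&:to_s)
  params.select { |key, _| allowed.include?(key.to_s) }
end

# Constructed request parameters: a normal profile update carrying an
# extra "admin" key that the form never offered.
def tampered_params
  { "user" => { "name" => "Pat", "email" => "pat@example.com", "admin" => true } }
end

# Unfiltered: the whole hash reaches the model, so admin is changed.
def update_unfiltered(params)
  User.new.update_attributes(params["user"])
end

# Filtered: only name and email are permitted, so admin keeps its default.
def update_filtered(params)
  User.new.update_attributes(permit(params["user"], :name, :email))
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered admin: #{update_unfiltered(tampered_params).admin}"
  puts "filtered admin:   #{update_filtered(tampered_params).admin}"
end
```

A mass assignment test asserts the second outcome: after a request that includes the protected attribute, its stored value is unchanged.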