By SamStephens on March 8, 2012
I followed with some interest the debate around the “mass assignment vulnerability” recently reported in Rails. I dislike the way the whole debate is couched assuming access control at the model level. When you are stating that an attribute cannot be assigned, you are stating that to assign this attribute from the controller, you can’t use the normal update_attributes method, and must update it explicitly.
By SamStephens on May 24, 2011
I run a pair of Ruby on Rails sites, http://janeallnatt.co.nz and http://postmoderncore.com. I use Capistrano to deploy updates to both of these sites. Once I built these sites and got Capistrano working, I realised that the database should be deployed as part of the Capistrano deploy.