class Simplabs::Excellent::Checks::Rails::AttrAccessibleCheck
This check reports ActiveRecord models that do not specify attr_accessible. Specifying attr_accessible protects models from mass assignment attacks (see guides.rubyonrails.org/security.html#mass-assignment). attr_accessible specifies a list of properties that are writeable by mass assignment. For a User model, for example, that list would possibly include properties like first_name and last_name, while it should not include properties like is_admin.
Applies to
- ActiveRecord models
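
A simplified form of this kind of check, as an added example that is not the Excellent project's own implementation: it uses Ruby's standard Ripper parser to list classes that inherit from ActiveRecord::Base but never call attr_accessible. The helper names and the sample models are constructed for illustration.

```ruby
require 'ripper'

# Constructed sample input: one protected model, one unprotected, one plain class.
SAMPLE_MODELS = <<~'RUBY'
  class User < ActiveRecord::Base
    attr_accessible :first_name, :last_name
  end

  class Account < ActiveRecord::Base
    belongs_to :user
  end

  class Report
  end
RUBY

# Hypothetical helper: true if the node is the constant path ActiveRecord::Base.
def active_record_base?(node)
  node.is_a?(Array) && node[0] == :const_path_ref &&
    node[1].is_a?(Array) && node[1][0] == :var_ref &&
    node[1][1][1] == 'ActiveRecord' && node[2][1] == 'Base'
end

# True if an identifier named attr_accessible occurs anywhere below the node.
def calls_attr_accessible?(node)
  return false unless node.is_a?(Array)
  return true if node[0] == :@ident && node[1] == 'attr_accessible'
  node.any? { |child| calls_attr_accessible?(child) }
end

# Returns the names of ActiveRecord models in the source that never call
# attr_accessible. Walks the Ripper s-expression recursively.
def unprotected_models(source, found = [], node = Ripper.sexp(source))
  return found unless node.is_a?(Array)
  if node[0] == :class && active_record_base?(node[2])
    # node[1] holds the class name, node[3] the class body.
    name = node[1].flatten.grep(String).join('::')
    found << name unless calls_attr_accessible?(node[3])
  end
  node.each { |child| unprotected_models(source, found, child) }
  found
end

p unprotected_models(SAMPLE_MODELS) # → ["Account"]
```

This sketch only recognises a direct `< ActiveRecord::Base` superclass; models that inherit through an intermediate base class are not detected.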