There was discussion a while back about adding a way to protect properties from mass assignment, particularly useful when you do something like User.new(params[:user]) in Merb. A spoofed form could set anything in the object. Is there another way to protect against this or has any change been made? It seems this is pretty critical to write any kind of secure web app concisely.
Old thread (which doesn't accept replies anymore). http://groups.google.com/group/datamapper/browse_thread/thread/176187c63890e172/a69e0b479f477b11 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "DataMapper" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/datamapper?hl=en -~----------~----~----~----~------~----~------~--~---
