I personally think we should deprecate attr_protected, and go with whitelisting only (attr_accessible + strong_parameters) route. I think it make more sense from the security standpoint, and all the exploit we have seen.
Core teams, wdyt? - Prem -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
