Is there any reason why config.filter_parameters uses a blacklist approach? 
Why not convert it into a whitelist?

Whitelisting tends to be safer than blacklisting as developers may forget 
to blacklist parameters containing sensitive data.

Kind Regards,
Bruno Facca
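
The trade-off raised in this message, as an added example that is not part of the original post and is not Rails code: a stand-alone Ruby model of a log parameter filter run in denylist and in allowlist mode over the same request. The sample parameters, the `ssn` field and all method names are constructed for illustration.

```ruby
# Constructed sample request parameters (not from the original message).
SAMPLE_PARAMS = {
  "controller" => "users",
  "action" => "create",
  "user" => {
    "email" => "a@example.test",
    "password" => "hunter2",
    "ssn" => "000-00-0000", # sensitive field nobody remembered to list
    "tags" => ["a", "b"]
  }
}.freeze

MASK = "[FILTERED]"

# Walk a nested params structure; the block decides per leaf key whether to mask.
def filter_params(value, key = nil, &mask)
  case value
  when Hash  then value.each_with_object({}) { |(k, v), out| out[k] = filter_params(v, k, &mask) }
  when Array then value.map { |v| filter_params(v, key, &mask) }
  else mask.call(key.to_s) ? MASK : value
  end
end

# Denylist: mask only keys matching a listed pattern (the approach the message questions).
def denylist_filter(params, denied)
  filter_params(params) { |key| denied.any? { |pat| key.match?(pat) } }
end

# Allowlist: mask every leaf unless its key is explicitly listed as safe to log.
def allowlist_filter(params, allowed)
  filter_params(params) { |key| !allowed.include?(key) }
end

# Leaf values that survive filtering, i.e. what would reach the log.
def logged_values(value)
  case value
  when Hash  then value.values.flat_map { |v| logged_values(v) }
  when Array then value.flat_map { |v| logged_values(v) }
  else value == MASK ? [] : [value]
  end
end

if __FILE__ == $PROGRAM_NAME
  p denylist_filter(SAMPLE_PARAMS, [/password/i])
  p allowlist_filter(SAMPLE_PARAMS, %w[controller action email])
end
```

With the denylist the unlisted `ssn` value reaches the log in clear text; with the allowlist a forgotten key fails closed, at the cost of also masking harmless fields such as `tags` until they are listed.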
