It doesn't matter in that case cause even if a user will try to hack it, the merging of {:signing_up => true} will override hid value.
But to make it protected in all other parts of the app that use the User model: User attr_protected :signing_up def create @user = User.new(params[:user]) @user.signing_up = true @user.save end Dmitry --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---