You may want to take a look at attr_accessible / attr_protected and friends - they handle the common case where you don't want to allow mass-assignment of some attributes.
--Matt Jones

On Aug 19, 7:32 am, Frederick Cheung <frederick.che...@gmail.com> wrote:
> On Aug 19, 12:07 pm, Mukund <marut...@yahoo.com> wrote:
> > You can enable the :protect_from_forgery which puts in an authenticity
> > token with every form. This is on by default in the new version of
> > Rails. This is a random ID tied down with the session. This is not
> > the same as what you are looking for, but it will probably suffice.
>
> Actually I think it is completely different. That is protection from
> CSRF attacks, whereas Trausti is (I think) concerned about a user
> editing the page to change the value of a hidden field or things like
> that.
>
> Fred
>
> > On Aug 19, 2:47 pm, Trausti Thor Johannsson <traust...@gmail.com>
> > wrote:
> >
> > > In cakephp, you have Secure component. It takes certain form values
> > > like id and User_id and such and encodes them.
> > > How is this done in rails? I don't want the user to change ids on
> > > items for deletions and such.
> > >
> > > Trausti
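
The server-side checks this thread points at, as an added example that is not part of the original posts and is not Rails' own code: a plain-Ruby whitelist that mimics the idea behind attr_accessible, extended with an owner-scoped lookup for deletions. The `Item` and `ItemStore` classes, their methods and the sample data are all hypothetical.

```ruby
# Added illustration in plain Ruby (no Rails); all names are hypothetical.
# Mimics the whitelist idea behind attr_accessible: only listed keys
# may be set through mass-assignment, whatever the form submits.
class Item
  ACCESSIBLE = %w[title description].freeze # assumption: user-editable fields

  attr_reader :id, :user_id, :title, :description

  def initialize(id, user_id, title, description = nil)
    @id, @user_id, @title, @description = id, user_id, title, description
  end

  # Assigns whitelisted keys only; returns the rejected keys for logging.
  def update_attributes(params)
    rejected = params.keys.map(&:to_s) - ACCESSIBLE
    params.each do |key, value|
      instance_variable_set("@#{key}", value) if ACCESSIBLE.include?(key.to_s)
    end
    rejected
  end
end

# Lookups for destructive actions are scoped to the session's user, so an
# edited id in the form cannot reach another user's record.
class ItemStore
  def initialize(items)
    @items = items
  end

  def find_for(user_id, item_id)
    @items.find { |i| i.id == item_id.to_i && i.user_id == user_id }
  end

  def destroy_for(user_id, item_id)
    item = find_for(user_id, item_id)
    return false unless item
    @items.delete(item)
    true
  end
end

# Constructed sample data: user 1 owns item 10, user 2 owns item 20.
def demo
  store = ItemStore.new([Item.new(10, 1, "mine"), Item.new(20, 2, "theirs")])
  item = store.find_for(1, "10")
  # Constructed form submission whose hidden user_id field was edited.
  rejected = item.update_attributes("title" => "renamed", "user_id" => 2)
  { rejected: rejected, owner: item.user_id, title: item.title,
    foreign_delete: store.destroy_for(1, "20"), own_delete: store.destroy_for(1, "10") }
end
```

The user id passed to `find_for` and `destroy_for` must come from the server-side session, never from a form field.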