All fields are shown on serialize (to_xml and to_json, etc) #56

Open
mrflip opened this Issue · 0 comments


All fields in a user object are shown by default, including the persistence-token, crypted password, salt, email address and openid.

You can disable the formatted routes, or you can sanitize these fields by overriding to_xml, to_json, etc. to always use the `:only => [...whitelisted fields...]` flag. (The attr_visible plugin http://github.com/mrflip/attr_visible helps implement the latter.)
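
The override suggested in the issue, sketched as an added example that is not part of the original issue and is not the attr_visible plugin's code. `Record` is a plain-Ruby stand-in for an ActiveRecord-style model, and the column names and the `VISIBLE` whitelist are assumptions taken from the fields the issue lists.

```ruby
require 'json'

# Stand-in for an ActiveRecord-style model (assumption: the real model exposes
# an attributes hash and a to_json(options) that honours :only / :except).
class Record
  attr_reader :attributes

  def initialize(attributes)
    @attributes = attributes
  end

  # Behaviour described in the issue: every column is serialized unless the
  # caller remembers to pass :only or :except.
  def serializable_hash(options = {})
    keys = attributes.keys
    keys &= Array(options[:only]).map(&:to_s) if options[:only]
    keys -= Array(options[:except]).map(&:to_s) if options[:except]
    attributes.slice(*keys)
  end

  def to_json(options = {})
    JSON.generate(serializable_hash(options))
  end
end

# Hardened model: the whitelist is enforced inside the model, so a controller
# that calls to_json with no options, or with a wider :only, cannot leak more.
class SafeUser < Record
  VISIBLE = %w[id login].freeze # hypothetical whitelist

  def serializable_hash(options = {})
    requested = options[:only] ? Array(options[:only]).map(&:to_s) : VISIBLE
    super(options.merge(only: requested & VISIBLE))
  end
end

# Constructed sample row; column names are assumed from the issue text.
SAMPLE = {
  'id' => 7, 'login' => 'alice', 'email' => 'alice@example.com',
  'crypted_password' => 'x' * 40, 'salt' => 'y' * 40,
  'persistence_token' => 'z' * 40, 'openid' => 'https://openid.example/alice'
}.freeze

# Returns the field names that actually reach the serialized output.
def leaked_keys(record, options = {})
  JSON.parse(record.to_json(options)).keys
end
```

Intersecting the caller's `:only` with the whitelist, rather than replacing it, lets a controller narrow the output but never widen it.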
