This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Update README.rdoc

Add a note about securing ActiveRecord resources by default, as an alternative to having to make sure each model is protected.
  • Loading branch information...
bryanrite committed Feb 16, 2013
1 parent 368141d commit 40fd0a70e18191f19d4249c79b9edc7b2b0d6034
Showing with 4 additions and 0 deletions.
  1. +4 −0 README.rdoc
View
@@ -72,6 +72,10 @@ every model you want protected.
include ActiveModel::ForbiddenAttributesProtection
end
+Alternatively, you can protect all ActiveRecord resources by default by creating an initializer and pasting the line:
+
+ ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
+
If you want to now disable the default whitelisting that occurs in later versions of Rails, change the +config.active_record.whitelist_attributes+ property in your +config/application.rb+:
config.active_record.whitelist_attributes = false

0 comments on commit 40fd0a7

Please sign in to comment.