Checks Ruby on Rails models for use of the attr_accessible white list.

Moved to GitHub from Google Code on May 1, 2008
Was hosted at

= audit_mass_assignment plugin for Ruby on Rails

  The audit_mass_assignment Ruby on Rails plugin contains a rake task that
  checks the models in your project for use of the attr_accessible whitelist,
  which protects against "mass assignment" exploits.  It does not check for
  use of attr_protected (the blacklist approach).

== Installation

  gem install ryanlowe-audit_mass_assignment --source

== Usage

  $ rake audit:mass_assignment

== Notes

  If you want to protect ALL attributes in your model use:
    attr_accessible nil

  Why are "mass assignment" exploits a danger to Rails applications? See these links:
  1. Do not create records directly from form parameters
  2. Railscasts: Hackers Love Mass Assignment
  3. Rails Manual: Typical mistakes in Rails applications: Creating records directly from form parameters
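  As an added illustration of what such an audit looks like (this is example code,
  not the plugin's own rake task), the script below scans constructed model sources
  for an attr_accessible declaration, treats attr_accessible nil as "all attributes
  protected", ignores attr_protected as the plugin does, and reports the models that
  have no whitelist. The file names and model classes are made up for the example.

```ruby
# Added example (not the plugin's own code): a minimal static audit in the
# spirit of rake audit:mass_assignment. It scans ActiveRecord model sources
# for an attr_accessible declaration and reports models that lack one.
# Only attr_accessible is recognised, matching the plugin's documented scope;
# attr_protected is deliberately ignored.

# Constructed sample model sources keyed by file name (not real project files).
SAMPLE_MODELS = {
  "user.rb" => <<~RUBY,
    class User < ActiveRecord::Base
      attr_accessible :name, :email
    end
  RUBY
  "post.rb" => <<~RUBY,
    class Post < ActiveRecord::Base
      # attr_accessible :title   # commented out: still unprotected
      belongs_to :user
    end
  RUBY
  "audit_log.rb" => <<~RUBY,
    class AuditLog < ActiveRecord::Base
      attr_accessible nil        # whitelist nothing: all attributes protected
    end
  RUBY
  "admin.rb" => <<~RUBY,
    class Admin < ActiveRecord::Base
      attr_protected :role       # blacklist only: not counted by this audit
    end
  RUBY
}

# Strip Ruby comments so a commented-out declaration is not mistaken for a real one.
def strip_comments(source)
  source.lines.map { |l| l.sub(/#.*$/, "") }.join
end

# Returns :whitelist, :whitelist_all (attr_accessible nil) or :none for one model source.
def attr_accessible_status(source)
  code = strip_comments(source)
  return :none unless code =~ /^\s*attr_accessible\b\s*(.*)$/
  $1.strip == "nil" ? :whitelist_all : :whitelist
end

# Audits a hash of file name => source and returns the sorted names of models
# that do not use the attr_accessible whitelist.
def unprotected_models(models)
  models.select { |_, src| attr_accessible_status(src) == :none }.keys.sort
end

if __FILE__ == $0
  unprotected_models(SAMPLE_MODELS).each { |f| puts "#{f}: no attr_accessible whitelist" }
end
```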