I'm working on securing an existing Rails 3 project. Running brakeman, I'm receiving this warning for many model classes: "Potentially dangerous attribute available for mass assignment: :example_id"
All of the warnings are on _id columns.
The models currently look like this:
    class Comment < ActiveRecord::Base
      attr_accessible :commentable_id, :content, :user_id
    end
Along with the main question, if the _id columns are removed to satisfy the warnings, what is the proper way to set these fields then?
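An added example, not part of the original post and not Rails code: a plain-Ruby stand-in for `attr_accessible` filtering that shows why Brakeman flags whitelisted `_id` columns and how the keys can be set server-side instead. `TinyModel`, `assign`, the two comment classes and all sample values are hypothetical and constructed for illustration.

```ruby
# Plain-Ruby stand-in for Rails 3 attr_accessible filtering (not ActiveRecord itself).
class TinyModel
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible
    @accessible || []
  end

  attr_reader :attributes

  # Mass assignment: only whitelisted keys are copied, the rest are dropped.
  def initialize(params = {})
    @attributes = {}
    params.each do |key, value|
      @attributes[key.to_s] = value if self.class.accessible.include?(key.to_s)
    end
  end

  # Explicit server-side assignment, analogous to comment.user = current_user.
  def assign(key, value)
    @attributes[key.to_s] = value
    self
  end
end

# As on the page: foreign keys are mass-assignable.
class OpenComment < TinyModel
  attr_accessible :commentable_id, :content, :user_id
end

# Hardened: only the user-editable field is whitelisted.
class StrictComment < TinyModel
  attr_accessible :content
end

# Constructed request parameters in which the client supplies its own foreign keys.
FORGED_PARAMS = { "content" => "hi", "user_id" => 999, "commentable_id" => 7 }
CURRENT_USER_ID = 42 # constructed: taken from the session, never from the request
POST_ID = 3          # constructed: parent record loaded and authorized by the controller

def create_open
  OpenComment.new(FORGED_PARAMS).attributes
end

def create_strict
  StrictComment.new(FORGED_PARAMS).assign(:user_id, CURRENT_USER_ID).assign(:commentable_id, POST_ID).attributes
end
```

In a Rails 3 controller the same idea is usually written by building the record through the parent association and setting the owner from the authenticated session, so neither foreign key is read from `params`.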