How to protect all fields against mass assignment in a Mongoid app
Problem description
I have added this fix https://gist.github.com/2382288 to protect all fields against mass assignment in a Mongoid app.
In my config/initializers/mongoid.rb I have added this fix:
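module Mongoid
  module MassAssignmentSecurity
    extend ActiveSupport::Concern

    included do
      # Empty allowlist: no field is mass-assignable unless a model declares it.
      attr_accessible nil
    end
  end

  module Document
    # Apply the default to every class that includes Mongoid::Document.
    include MassAssignmentSecurity
  end
end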
My question is:
Can this fix fully protect your app against mass assignment attacks?
Or is it recommended to add attr_accessible for all attributes in each model?
Recommended answer
This will make all Mongoid::Documents by default accept no fields for mass assignment. This is probably not exactly what you want, as you will not be able to @model.update(params[:model]).
You'll almost certainly want to go into the document and add:
attr_accessible :first_name, :last_name
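To see what the initializer's default-deny and the answer's per-model allowlist each do to untrusted parameters, here is an added example, not code from the original post or from Mongoid: a plain-Ruby stand-in for allowlist filtering. `AllowlistAssignment`, `LockedUser`, the `rejected` list and the `admin` field are hypothetical names, and `PARAMS` is constructed sample input.

```ruby
# Simplified stand-in for allowlist-based mass assignment (not Mongoid's code).
module AllowlistAssignment
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    # Default-deny: a model with no declaration accepts nothing in bulk,
    # which is the effect of `attr_accessible nil` in the initializer.
    def accessible_fields
      @accessible_fields ||= []
    end

    def attr_accessible(*names)
      @accessible_fields = names.compact.map(&:to_s)
    end
  end

  attr_reader :attributes, :rejected

  def initialize
    @attributes = {}
    @rejected = []
  end

  # Bulk assignment from untrusted input: only allowlisted keys are copied.
  def update_attributes(params)
    params.each do |key, value|
      if self.class.accessible_fields.include?(key.to_s)
        @attributes[key.to_s] = value
      else
        @rejected << key.to_s # unexpected key in a request: worth logging
      end
    end
    self
  end
end

class LockedUser # only the global default applies: nothing is assignable
  include AllowlistAssignment
end

class User # per-model allowlist, as the answer recommends
  include AllowlistAssignment
  attr_accessible :first_name, :last_name
end

# Constructed request parameters; `admin` is a hypothetical privileged field.
PARAMS = { "first_name" => "Ada", "last_name" => "Lovelace", "admin" => true }.freeze
```

With `PARAMS`, `LockedUser` keeps nothing and `User` keeps only the two name fields; in both cases `admin` ends up in `rejected` rather than on the model.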