Questions about this topic? Sign up to ask in the talk tab.

Mass Assignment

From NetSec

Revision as of 07:43, 19 May 2012 by User (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Typically used in Ruby on Rails, sometimes people will use the following code to create an ActiveRecord object to add a database entry:

<syntaxhighlight lang=ruby>

@user=User.new(params[:user])

</syntaxhighlight>

There have been problems with RoR in the past with mass assignment.

Retrieved from "http://nets.ec/index.php?title=Mass_Assignment&oldid=5606"

Exploitation

Navigation menu