RailsCasts Pro episodes are now free!
Learn more or hide this
GitHub User: rahulcee
Ryan, What if you have a model where none of the attributes should be modified by the user (an e-commerce app for example where the admin only can add products)? You say that attr_protected leaves a vulnerability and should be avoided...so what is the alternative? Should I simply have a line for attr_accessible and assign no attributes to it?
Thanks for the screencast!